|
- User NETADMN has a digital certificate in a data
set, and is uncertain who it belongs to, and whether or not it has
been defined. The digital certificate is in data set 'NETADMN.SOMEONZ.CERT'.
NETADMN has UPDATE authority to the FACILITY class resource IRR.DIGTCERT.LIST.
He issues the following RACDCERT, and the output he receives indicates
that it has already been defined for user GTM:
RACDCERT CHECKCERT('NETADMN.SOMEONZ.CERT')
Digital certificate information for user GTM:
Label: LABEL00000001
Certificate ID: 2QPH49TH49RAw4WZo4mGiYOBo4VA
Status: NOTRUST
Start Date: 2010/11/11 00:00:00
End Date: 2011/11/11 23:59:59
Serial Number:
>84<
Issuer's Name:
>CN=BobsBank Class 2<
Subject's Name:
>loanOf@BobsBank.com.CN=G.T.Miles.T=President.OU=Loans.O=BobsBank,INC<
>..SP=NY.L=Internet.C=USA<
Signing Algorithm: sha1RSA
Key Type: RSA
Key Size: 1024
Private Key: NO
- User USERA finds a digital certificate and is uncertain
who it belongs to, and whether or not it has been defined to RACF®. The digital certificate is
contained in data set 'NETADMN.SOMEONZ.CERT' and
is associated with user GTM. USERA has READ authority to the data
set 'NETADMN.SOMEONZ.CERT'. He issues the following
RACDCERT command. The output he receives reflects only the certificate
information contained in the data set, and does not include certificate
information contained in the RACF database.
Note that the listing contains the same level of information that
NETADMN receives in Example 3.
RACDCERT CHECKCERT('NETADMN.SOMEONZ.CERT')
Start Date: 2010/11/11 00:00:00
End Date: 2011/11/11 23:59:59
Serial Number:
>84<
Issuer's Name:
>CN=BobsBank Class 2<
Subject's Name:
>loanOf@BobsBank.com.CN=G.T.Miles.T=President.OU=Loans.O=BobsBank,INC<
>..SP=NY.L=Internet.C=USA<
Signing Algorithm: sha1RSA
- User NETADMN has a digital certificate in a data
set, and is uncertain who it belongs to, and whether or not it has
been defined. The digital certificate is in data set 'NETADMN.SOMELSZ.CERT'.
NETADMN has CONTROL authority to the FACILITY class resource IRR.DIGTCERT.LIST.
He issues the following RACDCERT command, and
the output he receives indicates that the certificate is not associated
with a user ID.
RACDCERT CHECKCERT('NETADMN.SOMELSZ.CERT')
Start Date: 2010/03/18 14:58:37
End Date: 2011/03/17 14:58:37
Serial Number:
>79<
Issuer's Name:
>CN=BobsBank Class 2<
Subject's Name:
>brchMGR@BobsBank.com.CN=J. Miles.T=Manager.OU=Branch2.O=BobsBank,INC<
>..SP=NY.L=Internet.C=USA<
Signing Algorithm: sha1RSA
- User NETADMN has a chain of digital certificates in
a data set, and wants to know if the digital certificates are defined
to RACF. The digital certificates
are in data set 'NETADMN.SOMECHN.CERT'. NETADMN has
CONTROL authority to the FACILITY class resource IRR.DIGTCERT.LIST.
He issues the following RACDCERT command, and the output he receives
indicates that the certificates are not in RACF, because the Label, Certificate
ID, and Status fields are not shown
for any of them.
RACDCERT CHECKCERT('NETADMN.SOMECHN.CERT')
Certificate 1:
Start Date: 2011/10/20 00:00:00
End Date: 2012/10/20 23:59:59
Serial Number:
>05<
Issuer's Name:
>CN=sampleCA.O=Test.SP=Poughkeepsie.C=US<
Subject's Name:
>CN=samplecert.O=Test.SP=Poughkeepsie.C=US<
Subject's AltNames:
IP: 127.0.0.5
EMail: choi at us.ibm.com
Domain: www.ibm.com
Signing Algorithm: sha1RSA
Key Usage: HANDSHAKE
Key Type: RSA
Key Size: 1024
Certificate 2:
Start Date: 2010/03/22 00:00:00
End Date: 2020/10/22 23:59:59
Serial Number:
>02<
Issuer's Name:
>CN=MasterCA.O=Test.SP=Poughkeepsie.C=US<
Subject's Name:
>CN=sampleCA.O=Test.SP=Poughkeepsie.C=US<
Signing Algorithm: sha256RSA
Key Usage: CERTSIGN
Key Type: RSA
Key Size: 2048
Certificate 3:
Start Date: 2008/04/20 00:00:00
End Date: 2038/04/20 23:59:59
Serial Number:
>00<
Issuer's Name:
>CN=MasterCA.O=Test.SP=Poughkeepsie.C=US<
Subject's Name:
>CN=MasterCA.O=Test.SP=Poughkeepsie.C=US<
Signing Algorithm: sha256RSA
Key Usage: CERTSIGN
Key Type: RSA
Key Size: 4096
Chain information:
Chain contains 3 certificate(s), chain is complete
- User NETADMN has a chain of digital certificates in
a data set, and wants to know if the digital certificates are defined
to RACF. The digital certificates
are in data set 'NETADMN.SOMECHN.CERT'. NETADMN has
CONTROL authority to the FACILITY class resource IRR.DIGTCERT.LIST.
He issues the following RACDCERT command, and the output he receives
indicates that only the end-entity certificate is in RACF, because the Label, Certificate
ID, and Status fields are shown
for that certificate but not the others. The output also shows that
the end-entity certificate has expired, because the end date is before
the current date.
RACDCERT CHECKCERT('NETADMN.SOMECHN.CERT')
Certificate 1:
Digital certificate information for user CHOI:
Label: samplecert
Certificate ID: 2QbmxsPI1smJl4OFmaPy
Status: TRUST
Start Date: 2010/10/20 00:00:00
End Date: 2011/10/20 23:59:59
Serial Number:
>05<
Issuer's Name:
>CN=sampleCA.O=Test.SP=Poughkeepsie.C=US<
Subject's Name:
>CN=samplecert.O=Test.SP=Poughkeepsie.C=US<
Subject's AltNames:
IP: 127.0.0.5
EMail: choi at us.ibm.com
Domain: www.ibm.com
Signing Algorithm: sha1RSA
Key Usage: HANDSHAKE
Key Type: RSA
Key Size: 1024
Private Key: Yes
PKDS Label: SAMPLECERT
Certificate 2:
Start Date: 2010/03/22 00:00:00
End Date: 2020/10/22 23:59:59
Serial Number:
>02<
Issuer's Name:
>CN=MasterCA.O=Test.SP=Poughkeepsie.C=US<
Subject's Name:
>CN=sampleCA.O=Test.SP=Poughkeepsie.C=US<
Signing Algorithm: sha256RSA
Key Usage: CERTSIGN
Key Type: RSA
Key Size: 2048
Certificate 3:
Start Date: 2008/04/20 00:00:00
End Date: 2038/04/20 23:59:59
Serial Number:
>00<
Issuer's Name:
>CN=MasterCA.O=Test.SP=Poughkeepsie.C=US<
Subject's Name:
>CN=MasterCA.O=Test.SP=Poughkeepsie.C=US<
Signing Algorithm: sha256RSA
Key Usage: CERTSIGN
Key Type: RSA
Key Size: 4096
Chain information:
Chain contains 3 certificate(s), chain is complete
Chain contains expired certificate(s)
- User NETADMN has a chain of digital certificates in
a data set, and wants to know if the digital certificates are defined
to RACF. The digital certificates
are in data set 'NETADMN.SOMECHN.CERT'. NETADMN has
CONTROL authority to the FACILITY class resource IRR.DIGTCERT.LIST.
He issues the following RACDCERT command, and the output he receives
indicates that the certificates are not in RACF, because the Label, Certificate
ID, and Status fields are not shown
for any of them. The output also shows that the signature on certificate
2 is not valid.
RACDCERT CHECKCERT('NETADMN.SOMECHN.CERT')
Certificate 1:
Start Date: 2011/10/20 00:00:00
End Date: 2012/10/20 23:59:59
Serial Number:
>05<
Issuer's Name:
>CN=sampleCA.O=Test.SP=Poughkeepsie.C=US<
Subject's Name:
>CN=samplecert.O=Test.SP=Poughkeepsie.C=US<
Subject's AltNames:
IP: 127.0.0.5
EMail: choi at us.ibm.com
Domain: www.ibm.com
Signing Algorithm: sha1RSA
Key Usage: HANDSHAKE
Key Type: RSA
Key Size: 1024
Private Key: No
Certificate 2:
Start Date: 2010/03/22 00:00:00
End Date: 2020/10/22 23:59:59
Serial Number:
>02<
Issuer's Name:
>CN=MasterCA.O=Test.SP=Poughkeepsie.C=US<
Subject's Name:
>CN=sampleCA.O=Test.SP=Poughkeepsie.C=US<
Signing Algorithm: sha256RSA
Key Usage: CERTSIGN
Key Type: RSA
Key Size: 2048
Private Key: No
IRRD302I Processing terminated. Problem found in certificate 2 in the
dataset.
IRRD112I The certificate that you are processing does not have a
valid signature.
- User NETADMN has a chain of digital certificates in
a data set, and wants to know if the digital certificates are defined
to RACF. The digital certificates
are in data set 'NETADMN.SOMECHN.CERT'. NETADMN has
CONTROL authority to the FACILITY class resource IRR.DIGTCERT.LIST.
He issues the following RACDCERT command, and the output he receives
indicates that certificate 1 is not in RACF,
because the Label, Certificate ID,
and Status fields are not shown for it. The
output also shows that the name on certificate 2 contains a character
that is not valid. Certificate 2 is not displayed, and processing
of the command stops.
Certificate 1:
Start Date: 2011/10/20 00:00:00
End Date: 2012/10/20 23:59:59
Serial Number:
>05<
Issuer's Name:
>CN=sampleCA.O=Test.SP=Poughkeepsie.C=US<
Subject's Name:
>CN=samplecert.O=Test.SP=Poughkeepsie.C=US<
Subject's AltNames:
IP: 127.0.0.5
EMail: choi at us.ibm.com
Domain: www.ibm.com
Signing Algorithm: sha1RSA
Key Usage: HANDSHAKE
Key Type: RSA
Key Size: 1024
Private Key: No
IRRD302I Processing terminated. Problem found in certificate 2 in the
dataset.
IRRD182I Unexpected character encountered.
|