MODIFY command: Network security services server

You can use the operator console and the MODIFY command to control the network security services (NSS) server functions.

Format:


|--+-MODIFY-+--procname,DISPLAY--+---------------+--------------|
   '-F------'                    '-'-,URLCACHE-'-'   

|--+-MODIFY-+--procname,REFRESH--+--------------------+---------|
   '-F------'                    +-,FILE='filename'---+   
                                 '-,FILE=//'filename'-'

Parameters:

procname

The member name of the cataloged procedure that is used to start the network security services daemon (NSSD).

DISPLAY

Displays configuration values that are currently being used by the NSS server.

URLCACHE: Displays the current contents of the URL cache instead of displaying the configuration information. For each URL that has data cached, this command displays the type of data (Cert, Bundle, or CRL), the expiration date and time of the cache entry, and the URL for which data is cached.

REFRESH

Indicates that the NSS server configuration file should be reread and any cached certificate URL data should be flushed. See the Network security services server information in z/OS Communications Server: IP Configuration Reference for more information.

FILE: Indicates the name and location of the network security services (NSS) server configuration file that is to be read. The filename value must be a fully qualified z/OS® UNIX file name or an MVS™ data set name. You must enclose a z/OS UNIX file name in single quotation marks ('). MVS data set names must begin with two forward slashes (//) and you must enclose the data set name in single quotation marks ('). If the FILE parameter is omitted, the normal search order for locating the configuration data set or file applies. See the steps for configuring the NSS server in the z/OS Communications Server: IP Configuration Guide for information about the search order. This option is valid only when it is specified with the REFRESH parameter. If you omit this option, the NSS server rereads the configuration file with which it was started.

Examples:

The following example displays the configuration values that are currently being used by the NSS server.

f nssd,display

EZD1386I DISPLAY NSS CONFIGURATION
DISPLAY Network Security Server Configuration Parameters:
    Port        = 4159
    SyslogLevel = 255     (0x00ff)
    KeyRing     = "nssd/keyring"
    ----------------------------------
    Discipline IPSec        = Enabled
    Discipline XMLAppliance = Enabled
    ----------------------------------
  IPSec Discipline Configuration Parameters:
    FIPS140     = No
    URLCacheInterval = 10080
    There are 2 CertificateURL and CertificateBundleURL entries:
      Type   Label                            URL
      ------ -------------------------------- -------------------------
      Cert   Cert1                            http://example.com/cert1.der
      Bundle Root1 Chain MVSA Cert5           http://example.com/certbndl2.bndl

The following example displays the current URL cache information.

f nssd,display,urlcache

EZD1389I DISPLAY NSS URLCACHE:
URL Cache:
Type   Expiration          URL
------ ------------------- -------------------------
CRL    2010/02/04 12:48:12 HTTP://EXAMPLE.COM:80/crl.der
Cert   2010/02/04 12:50:36 HTTP://EXAMPLE.COM:80/cert2.der
2 URL Cache entries displayed.