Purpose
Use
the RACDCERT LISTRING command to display the specified key ring, or
all key rings, associated with a user, certificate authority, or site
certificate.
Issuing options
The following table identifies
the eligible options for issuing the RACDCERT LISTRING command:
| As a RACF® TSO command? |
As a RACF operator command? |
With command direction? |
With automatic command direction? |
From the RACF parameter library? |
|---|
| Yes |
No |
No. (See rules.) |
No. (See rules.) |
No |
Rules: The
following rules apply when issuing this command. - The RACDCERT command cannot be directed to a remote system using
the AT or ONLYAT keyword.
- The updates made to the RACF database
by RACDCERT are eligible for propagation with automatic direction
of application updates based on the RRSFDATA profiles AUTODIRECT.target-node.DIGTCERT.APPL
and AUTODIRECT.target-node.DIGTRING.APPL,
where target-node is the remote node to
which the update is to be propagated.
|
Authorization required
To
issue the RACDCERT LISTRING command, you must have the SPECIAL attribute
or sufficient authority to the IRR.DIGTCERT.LISTRING resource in the
FACILITY class for your intended purpose.
Table 1. Authority required for the RACDCERT LISTRING function| IRR.DIGTCERT.LISTRING |
|---|
| Access level |
Purpose |
|---|
| READ |
List your own key ring. |
| UPDATE |
List another user's key ring. |
Related commands
- To list a certificate, see RACDCERT LIST.
- To list a token, see RACDCERT LISTTOKEN.
Syntax
For the key to
the symbols used in the command syntax diagrams, see Syntax of RACF commands and operands. The complete syntax of the RACDCERT
LISTRING is:
| |
|---|
| RACDCERT LISTRING[(ring-name)] |
| [ID(ring-owner)]
|
If you specify more than one RACDCERT function, only
the last specified function is processed. Extraneous keywords that
are not related to the function being performed are ignored.
If you do not specify a RACDCERT function, LIST is
the default function.
For information on issuing this command as a RACF TSO command, refer to RACF TSO commands.
Parameters
- LISTRING
- LISTRING(ring-name | * )
- The ring-name value
is the name of the key ring. To list all rings that are associated
with a particular user, LISTRING(*) must be specified.
For each certificate in the ring, the following information is displayed:
- The ring name
- The owner of the certificate (ID(name), CERTAUTH, or SITE)
- The label assigned to the certificate
- The DEFAULT status of the certificate within the ring
- The usage within the ring.
Because only user IDs can have key rings, neither CERTAUTH nor
SITE can be specified with LISTRING.
- ID(ring-owner)
- Specifies the user ID of the key ring owner. (Only a user ID can
have a key ring.) If not specified, the key ring owner defaults to
the command issuer's user ID.
Examples
| |
|
|
|---|
| Example 1 |
Operation |
User GEORGEM requests the listing of his key
rings. |
| Known |
User ID GEORGEM has three key rings with certificates
and one key ring that has no certificates. |
| Command |
RACDCERT LISTRING(*) |
| Output |
See Figure 1. |
Figure 1. Output
for the RACDCERT LISTRING commandDigital ring information for user GEORGEM:
Ring:
>GEORGEMsNewRing01<
Certificate Label Name Cert Owner USAGE DEFAULT
-------------------------- ------------ -------- -------
New Cert Type - Ser # 00 ID(GEORGEM) PERSONAL YES
New Type Cert - VsignC1 ID(GEORGEM) CERTAUTH NO
New Type Cert - VsignC2 ID(GEORGEM) SITE NO
65 ID(JOHNP) PERSONAL NO
Ring:
>GEORGEMsRing<
Certificate Label Name Cert Owner USAGE DEFAULT
-------------------------- ------------ -------- -------
GEORGEM's Cert # 48 ID(GEORGEM) PERSONAL NO
GEORGEM's Cert # 84 ID(GEORGEM) PERSONAL NO
New Cert Type - Ser # 00 ID(GEORGEM) PERSONAL YES
Ring:
>GEORGEMsRing#2<
Certificate Label Name Cert Owner USAGE DEFAULT
-------------------------- ------------ -------- -------
GEORGEM's Cert # 84 ID(GEORGEM) PERSONAL NO
GEORGEM's Cert # 48 ID(GEORGEM) PERSONAL NO
Ring:
>GEORGEMsRing#3<
*** No certificates connected ***
z/OS Security Server RACF Command Language Reference
Copyright IBM Corporation 1990, 2014