How to ascertain if certificate name filtering in ACF2 is in use?

book

Article ID: 184066

calendar_today

Updated On:

Products

CA ACF2 CA ACF2 - DB2 Option CA ACF2 for zVM CA ACF2 - z/OS CA ACF2 - MISC CA LDAP Server for z/OS CA PAM Client for Linux for zSeries CA Web Administrator for Top Secret

Issue/Introduction

What commands in ACF2 will show if certificate name filtering is active.

These commands were issued..
SET CONTROL(GSO)
SHOW CERTMAP

and the outcome was..

 -- CERTMAP FILTERING TABLES --  
 CONTROL              
           

What does "CONTROL" mean in the above?  
Is certificate name filtering in use?

 

Environment

Release : 16.0

Component : CA ACF2 for z/OS

Resolution


This means there are no certmap records defined and you are in control mode after issuing SET CONTROL(GSO).

If SET LID had been issued the output would have shown

SET LID
SHOW CERTMAP
 -- CERTMAP FILTERING TABLES --
LID

There is no need to be in control(GSO) mode to issue any SHOW commands

In the above example certificate name filtering is not active.

If certificate name filtering IS active the following example might be seen.

-- CERTMAP FILTERING TABLES --

IDN/SDN FILTERS
---------------                     
                                          IDN FILTER    

                                                S
DN FILTER
Label                            TRUST   USER   CRITERIA
================================ ===== ======== ==============================
ACF2 DEVELOPMENT                   Y   ACF2DEVL CN=CAI CERT AUTHORITY.OU=ACF2
                                                DEVELOPMENT.O=COMPUTER ASSOCIATE
                                                S.L=LISLE.ST=ILLINOIS.C=US
                                                OU=ACF2.OU=DEVELOPMENT.OU=COMPUT
                                                ER ASSOCIATES.L=LISLE.ST=ILLIN OIS.
                                                C=US

                                                                               
                                                                               
                                                                               
ACF                                                                            

Additional Information

This request is related to stigV-3225.
TECHDOC location: