search cancel

PKDSLBL in GENCERT subcommand

book

Article ID: 189780

calendar_today

Updated On:

Products

ACF2 ACF2 - DB2 Option ACF2 for zVM ACF2 - z/OS ACF2 - MISC LDAP SERVER FOR Z/OS PAM CLIENT FOR LINUX ON MAINFRAME WEB ADMINISTRATOR FOR TOP SECRET

Issue/Introduction

Usage of the PKDSLBL in the ACF2 GENCERT subcommand. What will happen if PKDSLBL is not specified when doing a GENCERT? If PKDSLBL is not specified, does the private key get stored in ACF2 database and public key in the certificate? If the PKDSLBL is specified with PCICC,  does the private key get stored in ICSF database and public key in the certificate?


 

Environment

Release : 16.0

Component : CA ACF2 for z/OS

Resolution

If PKDSLBL is not specified, the PKDS label is generated in the format IRR.DIGTCERT.userid.cvtsname.ebcdic-stck-value, where userid is the owning user ID, cvtsname is the system name, which is taken from the CVT, and ebcdic-stck-value is an EBCDIC version of the current store clock value. Regardless of whether PKDSLBL is specified or not, if either ICSF or PCICC is specified the private key will be stored in ICSF.