PKDSLBL in GENCERT subcommand
Article ID: 189780
Updated On:
Products
ACF2
ACF2 - DB2 Option
ACF2 for zVM
ACF2 - z/OS
ACF2 - MISC
LDAP SERVER FOR Z/OS
PAM CLIENT FOR LINUX ON MAINFRAME
WEB ADMINISTRATOR FOR TOP SECRET
Issue/Introduction
Usage of the PKDSLBL in the ACF2 GENCERT subcommand. What will happen if PKDSLBL is not specified when doing a GENCERT? If PKDSLBL is not specified, does the private key get stored in ACF2 database and public key in the certificate? If the PKDSLBL is specified with PCICC, does the private key get stored in ICSF database and public key in the certificate?
Environment
Release : 16.0
Component : CA ACF2 for z/OS
Resolution
If PKDSLBL is not specified, the PKDS label is generated in the format IRR.DIGTCERT.userid.cvtsname.ebcdic-stck-value, where userid is the owning user ID, cvtsname is the system name, which is taken from the CVT, and ebcdic-stck-value is an EBCDIC version of the current store clock value. Regardless of whether PKDSLBL is specified or not, if either ICSF or PCICC is specified the private key will be stored in ICSF.
Feedback
Yes
No
Powered by
