What are the ACF2 equivalent to Keyring User Name, Keyring  Name and Certificate Alias?

book

Article ID: 194593

calendar_today

Updated On:

Products

CA ACF2 CA ACF2 - z/OS CA ACF2 - MISC

Issue/Introduction

What are the ACF2 equivalent to RACF:
a- Keyring User Name
b- Keyring  Name
c- Certificate Alias.

Environment

Release : 16.0

Component : CA ACF2 for z/OS

Resolution

The ACF2 equivalent to RACF:
   a- Keyring User Name
   b- Keyring  Name
   c- Certificate Alias
are shown in the following examples.

The term LABEL is used by RACF and ALIAS is used by JKS to reference the same artifact, therefore the phrase label or alias can be used interchangeably.

For example, for a GENCERT:

RACDCERT GENCERT CERTAUTH SUBJECTSDN(CN('CA for zosConnect') O('IBM') OU('zosConnect') C('US')) SIZE(2048) WITHLABEL('zosConnectCA') NOTAFTER(DATE(2029-12-31))

The ACF2 equivalent GENCERT is:

GENCERT CERTAUTH.zosConn SUBJ(CN='CA for zosConnect' O='IBM' OU='zosConnect' C=US) SIZE(2048) LABEL(zosConnectCA) EXPIRE(12/31/2029)

The command uses the following values:

CN('CA for zosConnect') O('IBM') OU('zosConnect') C('US') is an example distinguished name (DN) for the certificate.
c- Certificate Alias => zosConnectCA is the label or alias of the certificate.

For example, for a CONNECT:

RACDCERT ID(ZCSERV1) CONNECT(RING(Keyring.ZOSCONN) LABEL('zosConnectCA') CERTAUTH)

The ACF2 equivalent CONNECT is:

CONNECT USERID(ZCSERV1.cert) LABEL(zosConnectCA) KEYRING(ZCSERV1.ring) RINGNAME(Keyring.ZOSCONN) USAGE(CERTAUTH)

The command uses the following values:

a- Keyring User Name => ZCSERV1 is the user ID that owns the key ring(ACF2 KEYRING record name is in the format of userid.suffix).

b- Keyring  Name => Keyring.ZOSCONN is the name of the key ring(ACF2 RINGNAME).

c- Certificate Alias => zosConnectCA is the label or alias of the certificate to be connected to the key ring(ACF2 certifcate LABEL).

Additional Information