search cancel

How to INSERT an ACF2 CERTMAP using the DSNAME parameter?

book

Article ID: 213164

calendar_today

Updated On:

Products

ACF2 - z/OS

Issue/Introduction

The INSERT or CHANGE of a CERTMAP record can be used with the DSNAME(DSN) parameter to point to a certificate in a z/OS file to pick up portions of the  distinguished name from certificates SUBJDN. Is there an example?

Environment

Release : 16.0

Component : CA ACF2 for z/OS

Resolution

The following certificate that is stored in the ACF2 INFOSTG database can be EXPORTed into a z/OS file:

ACF
list TEST123.cert                                                             
                                                                               
  CERTDATA / TEST123.CERT LAST CHANGED BY USER002 ON 04/09/21-12:39           
                       ISSUERDN(CN=MVSSYS8CA.OU=Auditing Department.O=CA.C=US)
                       KEYSIZE(2,048) LABEL(LDAPServer) SERIAL#(01)            
                       SUBJDN(CN=mvssys8.tst.blue.com.OU=CA.C=US) TRUST  
EXPORT TEST123.CERT DSN('USER002.EXPORT.CERTMAP')  

Next INSERT the CERTMAP record using DSName to point to the CERTB64 certificate EXPORTed, in the SDNFILTR just specify the starting point of the filter(CN=mvssys8.tst.blue.com) to pickup the remainder of the filter(OU=CA.C=US).

SET CONTROL(GSO)
 INSERT CERTMAP.lvl8 USERID(C311D2T) TRUST SDNFILTR(CN=mvssys8.tst.blue.com) DSN('USER002.EXPORT.CERTMAP')

  SYS8 / CERTMAP.LVL8 LAST CHANGED BY USER002 ON 04/19/21-13:11               
                       LABEL() NOMULTIID                                      
                       SDNFILTR(CN=mvsSYS8.tst.blue.com.OU=CA.C=US) TRUST
                       USERID(C311D2T)                                        
 ACF6D074 SYS8 / CERTMAP.LVL8 RECORD INSERTED