Universal Certificate for zOS

Overview

Universal Certificate for z/OS executes as a batch job.

This section describes the Universal Certificate for z/OS JCL and command line options.

JCL Procedure

The following figure illustrates the Universal Certificate for z/OS JCL procedure (UCRPRC, located in the SUNVSAMP library), that is provide to simplify the execution JCL and future maintenance.


DD Statements used in JCL Procedure

The following table describes the DD statements used in the Universal Certificate for z/OS JCL procedure, above.
 

ddname

Description

STEPLIB

Load library in which program UCERT is located.

UNVDB

UCERT certificate database.

UNVNLS

UCERT national language support ddname.

UNVTRACE

UCERT trace ddname.

SYSPRINT

UCERT standard output ddname.

SYSOUT

UCERT standard error ddname.

JCL

The following figure illustrates the Universal Certificate for z/OS JCL using the UCRPRC JCL procedure, above.



Command Line Syntax

The following figure illustrates the syntax - using the long form of command line options - of Universal Certificate for z/OS.

ucert[-codepage codepage][-level {trace|audit|info|warn|error}][ -file ddname | -encryptedfile ddname [-key key] [-keypath path]

Creating a certificate request.
{-create request
-request_file ddname [-request_format {pem|der}]
-private_key_file ddname [-private_key_format {pem|der}]
-private_key_infile ddname [-private_key_format {pem|der}]
[-private_key_pwd password]
[-key_size {512|1024|2048|3072||4096}]
[-country name]
[-state name]
[-locality name]
[-organization name]
[-organizational_unit name]
[-common_name name]
{ [-dns_name name] | [-ip_address name] }
[-sig_alg algorithm]
[-email_address name]


Creating a certificate from a certificate request.
| -create cert
-request_file ddname [-request_format {pem|der}]
-cert_file ddname [-cert_format {pem|der}]
[-cert_db ddname]
-private_key_file ddname [-private_key_format {pem|der}]
-private_key_infile ddname [-private_key_format {pem|der}]
[-private_key_pwd password]
-ca_cert_file ddname [-ca_cert_format {pem|der}]
[-serial_number number]
[-not_before_date date] [-not_after_date date]
[-ca {yes|no}]
[-sig_alg algorithm]


Creating a certificate from a transport file.
| -create cert
-transport_file ddname [-transport_file_pwd password]
-cert_file ddname [-cert_format {pem|der}]
-private_key_file ddname [-private_key_format {pem|der}]
-private_key_infile ddname [-private_key_format {pem|der}]
-ca_cert_file ddname [-ca_cert_format {pem|der}]


Creating a certificate revocation list.
| -create crl
-crl_file ddname [-crl_format {pem|der}]
-ca_cert_file ddname [-ca_cert_format {pem|der}]
-private_key_file ddname [-private_key_format {pem|der}]
-private_key_infile ddname [-private_key_format {pem|der}]
[-private_key_pwd password]
-next_update_days days
-next_update_hours hours
[-cert_db ddname]


Creating a transport file.
| -create transport
-transport_file ddname [-transport_file_pwd password]
-cert_file ddname [-cert_format {pem|der}]
-private_key_file ddname [-private_key_format pem|der}]
-private_key_infile ddname [-private_key_format {pem|der}]
[-private_key_pwd password]
-ca_cert_file ddname [-ca_cert_format {pem|der}]
[-common_name name]
[-keypbe encryption]
[-certpbe encryption]


Revoking a certificate.
| -revoke cert
[-revoke_reason {unspecified|keyCompromise|caCompromised|affiliationChange|superseded|
cessationofOperation|privilegeWithdrawn}]
-cert_file ddname [-cert_format {pem|der}]
[-cert_db ddname]


Printing a certificate request.
| -print request
-request_file ddname [-request_format {pem|der}]


Printing a certificate.
| -print cert
-cert_file ddname [-cert_format {pem|der}]


Printing a certificate revocation list.
| -print crl
-crl_file ddname [-crl_format {pem|der}]


Printing a transport file.
| -print transport
-transport_file ddname [-transport_file_pwd password]


Verifying a certificate.
| -verify cert
-cert_file ddname [-cert_format {pem|der}]
-ca_cert_file ddname [-ca_cert_format {pem|der}]
-crl_file ddname [-crl_format {pem|der}]


ucert
{ -help | -version }