Universal Certificate for z/OS

Overview

Universal Certificate for z/OS executes as a batch job.

This section describes the Universal Certificate for z/OS JCL and command line options.

JCL Procedure

The following figure illustrates the Universal Certificate for z/OS JCL procedure (UCRPRC, located in the SUNVSAMP library), which is provided to simplify the execution JCL and future maintenance.


//UCRPRC   PROC UPARM=,               -- UCERT options
//             UCRPRE=#SHLQ.UNV,
//             UCRDBPRE=#PHLQ.UNV
//*
//PS1      EXEC PGM=UCERT,PARM='ENVAR(TZ=EST5EDT)/&UPARM'
//STEPLIB  DD  DSN=&UCRPRE..SUNVLOAD,
//             DISP=SHR
//*
//UNVDB    DD  DSN=&UCRDBPRE..UCRDB,
//             DISP=SHR
//UNVNLS   DD  DSN=&UCRPRE..SUNVNLS,
//             DISP=SHR
//UNVTRACE DD  SYSOUT=*
//*
//SYSPRINT DD  SYSOUT=*
//SYSOUT   DD  SYSOUT=*
//CEEDUMP  DD  SYSOUT=*
//SYSUDUMP DD  SYSOUT=*

DD Statements used in JCL Procedure

The following table describes the DD statements used in the Universal Certificate for z/OS JCL procedure, above.
 

ddname      Description

STEPLIB     Load library in which program UCERT is located.
UNVDB       UCERT certificate database.
UNVNLS      UCERT national language support ddname.
UNVTRACE    UCERT trace ddname.
SYSPRINT    UCERT standard output ddname.
SYSOUT      UCERT standard error ddname.

JCL

The following figure illustrates the Universal Certificate for z/OS JCL using the UCRPRC JCL procedure, above.


//UCERT    EXEC PGM=UCERT
//STEPLIB  DD  DISP=SHR,DSN=UNV.SUNVLOAD
//UNVNLS   DD  DISP=SHR,DSN=UNV.SUNVNLS
//UNVDB    DD  DISP=SHR,DSN=UNV.UCRDB
//UNVTRACE DD  SYSOUT=*
//SYSPRINT DD  SYSOUT=*
//SYSOUT   DD  SYSOUT=*
//CEEDUMP  DD  SYSOUT=*
//SYSIN    DD  DUMMY


Command Line Syntax

The following figure illustrates the syntax - using the long form of command line options - of Universal Certificate for z/OS.

ucert [-codepage codepage] [-level {trace|audit|info|warn|error}] [-file ddname | -encryptedfile ddname [-key key] [-keypath path] ]

Creating a certificate request.
{-create request
-request_file ddname [-request_format {pem|der}]
-private_key_file ddname [-private_key_format {pem|der}]
-private_key_infile ddname [-private_key_format {pem|der}]
[-private_key_pwd password]
[-private_key_type {RSA|EC}]
[-key_size {512|1024|2048|3072|4096}]
[-elliptic_curve {secp112r2|secp160r1|secp224k1|prime256v1|secp384r1}]
[-country name]
[-state name]
[-locality name]
[-organization name]
[-organizational_unit name]
[-common_name name]
{ [-dns_name name] | [-ip_address name] }
[-sig_alg algorithm]
[-email_address name]


Creating a certificate from a certificate request.
| -create cert 
-request_file ddname [-request_format {pem|der}] 
-cert_file ddname [-cert_format {pem|der}]
[-cert_db ddname] 
-private_key_file ddname [-private_key_format {pem|der}]
-private_key_infile ddname [-private_key_format {pem|der}]
[-private_key_pwd password]
-ca_cert_file ddname [-ca_cert_format {pem|der}]
[-serial_number number]
[-not_before_date date] [-not_after_date date]
[-ca {yes|no}]
[-sig_alg algorithm]


Creating a certificate from a transport file.
| -create cert
-transport_file ddname [-transport_file_pwd password]
-cert_file ddname [-cert_format {pem|der}]
-private_key_file ddname [-private_key_format {pem|der}]
-private_key_infile ddname [-private_key_format {pem|der}]
-ca_cert_file ddname [-ca_cert_format {pem|der}]


Creating a certificate revocation list.
| -create crl
-crl_file ddname [-crl_format {pem|der}]
-ca_cert_file ddname [-ca_cert_format {pem|der}]
-private_key_file ddname [-private_key_format {pem|der}]
-private_key_infile ddname [-private_key_format {pem|der}]
[-private_key_pwd password]
-next_update_days days
-next_update_hours hours
[-cert_db ddname]


Creating a transport file.
| -create transport
-transport_file ddname [-transport_file_pwd password]
-cert_file ddname [-cert_format {pem|der}]
-private_key_file ddname [-private_key_format {pem|der}]
-private_key_infile ddname [-private_key_format {pem|der}]
[-private_key_pwd password]
-ca_cert_file ddname [-ca_cert_format {pem|der}]
[-common_name name]
[-keypbe encryption]
[-certpbe encryption]


Revoking a certificate.
| -revoke cert
[-revoke_reason {unspecified|keyCompromise|caCompromised|affiliationChange|superseded|
cessationofOperation|privilegeWithdrawn}]
-cert_file ddname [-cert_format {pem|der}]
[-cert_db ddname]


Printing a certificate request.
| -print request
-request_file ddname [-request_format {pem|der}]


Printing a certificate.
| -print cert
-cert_file ddname [-cert_format {pem|der}]


Printing a certificate revocation list.
| -print crl
-crl_file ddname [-crl_format {pem|der}]


Printing a transport file.
| -print transport
-transport_file ddname [-transport_file_pwd password]


Verifying a certificate.
| -verify cert
-cert_file ddname [-cert_format {pem|der}]
-ca_cert_file ddname [-ca_cert_format {pem|der}]
-crl_file ddname [-crl_format {pem|der}]
}


ucert
{ -help | -version }
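
The syntax above accepts 512- and 1024-bit keys, the short curves secp112r2 and secp160r1, and passwords given inline, and any option string passed through UPARM shares the 100-character EXEC PARM limit with the procedure's ENVAR(TZ=EST5EDT)/ prefix. The following pre-submission check is an added example, not part of the product or its documentation; the rule names, the thresholds, the ddnames REQ and KEY, and the sample password are assumptions made for illustration.

```python
import shlex

# Option names and values below come from the syntax on this page; the
# rule names and thresholds are this example's own assumptions.
SECRET_OPTS = {"-private_key_pwd", "-transport_file_pwd"}
WEAK_KEY_SIZES = {"512", "1024"}            # RSA below 2048 bits
WEAK_CURVES = {"secp112r2", "secp160r1"}    # under 112-bit strength
PARM_PREFIX = "ENVAR(TZ=EST5EDT)/"          # fixed part of PARM= in UCRPRC
PARM_MAX = 100                              # z/OS limit for EXEC PARM=

def parse_options(uparm):
    """Split an option string into {option: value}; bare options map to None."""
    tokens, opts, i = shlex.split(uparm), {}, 0
    while i < len(tokens):
        if not tokens[i].startswith("-"):
            raise ValueError(f"value without an option: {tokens[i]!r}")
        has_value = i + 1 < len(tokens) and not tokens[i + 1].startswith("-")
        opts[tokens[i]] = tokens[i + 1] if has_value else None
        i += 2 if has_value else 1
    return opts

def lint_uparm(uparm):
    """Return (rule, detail) findings for one UPARM string."""
    opts = parse_options(uparm)
    findings = [("inline-secret", f"{o} is readable in the job's JCL listing")
                for o in sorted(SECRET_OPTS & set(opts))]
    if opts.get("-key_size") in WEAK_KEY_SIZES:
        findings.append(("weak-key-size", f"-key_size {opts['-key_size']}"))
    if opts.get("-elliptic_curve") in WEAK_CURVES:
        findings.append(("weak-curve", f"-elliptic_curve {opts['-elliptic_curve']}"))
    total = len(PARM_PREFIX) + len(uparm)
    if total > PARM_MAX:
        findings.append(("parm-too-long", f"{total} > {PARM_MAX} characters"))
    return findings

# Constructed sample option strings (ddnames REQ and KEY are placeholders).
SAMPLES = [
    "-create request -request_file REQ -private_key_file KEY -key_size 2048",
    "-create request -request_file REQ -private_key_file KEY -elliptic_curve secp160r1",
    "-create request -request_file REQ -private_key_file KEY -key_size 1024 "
    "-private_key_pwd s3cret",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(s, "->", lint_uparm(s) or "ok")
```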