Hi Richard,

CARLa fields have a default output length that is used when no overriding specification is provided. For CERTIFICATE_ALT_DOMAIN that is indeed 40.

If you want a different column width, you can specify the number as an override in brackets behind the field name. You can see examples in this query where for example COMPLEX is printed in a column of width 13 while the default is 8 [in this case, as part of the TT or TOPTITLE].

If you want the output "with whatever length it actually has" you can specify the width as 0. Note that this can result in a "ragged column" when the actual lengths in the various records are different, so there are limitations when you use this in any position other than the last one on an output line.

When "just" specifying the width as 0, it is possible for data to fall off at the end of the line when the line length is exceeded. If you still want to ensure that you see all the data, you can add the modifier WRAP to specify that the output should also be wrapped to the next line. In this case, the rest of the output will start in the same column position on the next line(s). You see that this specification has also been used in this query for some other fields.

In this case, the field CERTIFICATE_ALT_DOMAIN is on a line by itself, so it should be fine to change it to:
/ certificate_alt_domain(p,0,wrap),

Note that the P (short for PREFIX) modifier specifies that the field's "prefix header" (in this case "Certificate AltName domain") is printed before the output value. When the line is wrapped, the prefix header is repeated on each line, while the value occurs wrapped behind it as explained above. The prefix header takes up 29 characters [and is followed by a blank]. (This value is fixed so that a list of such fields has their values start in the same column.)

I hope this helps,

--Jeroen

P.S. To see the default properties for the fields, you can use the FIELDS primary command in the ISPF UI, and then first go to BUILTIN, then to the newlist type (in this case RACF), and scroll down to the field (or, say, FIND AltName). That would show you the the prefix header (as "Description") and the 40 ("Len"), among other things.

This is a very useful report shared by Mr. DeLaat.  Jeroen, Richard, would you be able to make a slight modification to this to show how to only select certificates within a certain date range?  I am trying to figure out how to approach to be able to create a report to show certificates 'added'/'modified'/'deleted',  their activity, based on each month of the year.  Is it an easy modification to Mr. DeLaat's program, or, need to re-think from the bottom up?  

Many thanks for this forum and discussion group. 

Lynn Gilson

Hi Richard,

CARLa fields have a default output length that is used when no overriding specification is provided. For CERTIFICATE_ALT_DOMAIN that is indeed 40.

If you want a different column width, you can specify the number as an override in brackets behind the field name. You can see examples in this query where for example COMPLEX is printed in a column of width 13 while the default is 8 [in this case, as part of the TT or TOPTITLE].

If you want the output "with whatever length it actually has" you can specify the width as 0. Note that this can result in a "ragged column" when the actual lengths in the various records are different, so there are limitations when you use this in any position other than the last one on an output line.

When "just" specifying the width as 0, it is possible for data to fall off at the end of the line when the line length is exceeded. If you still want to ensure that you see all the data, you can add the modifier WRAP to specify that the output should also be wrapped to the next line. In this case, the rest of the output will start in the same column position on the next line(s). You see that this specification has also been used in this query for some other fields.

In this case, the field CERTIFICATE_ALT_DOMAIN is on a line by itself, so it should be fine to change it to:
/ certificate_alt_domain(p,0,wrap),

Note that the P (short for PREFIX) modifier specifies that the field's "prefix header" (in this case "Certificate AltName domain") is printed before the output value. When the line is wrapped, the prefix header is repeated on each line, while the value occurs wrapped behind it as explained above. The prefix header takes up 29 characters [and is followed by a blank]. (This value is fixed so that a list of such fields has their values start in the same column.)

I hope this helps,

--Jeroen

P.S. To see the default properties for the fields, you can use the FIELDS primary command in the ISPF UI, and then first go to BUILTIN, then to the newlist type (in this case RACF), and scroll down to the field (or, say, FIND AltName). That would show you the the prefix header (as "Description") and the 40 ("Len"), among other things.

Hi Lynn,

Mr. De Laat was showing output from menu option RA.5.1 with / Print format and / Full page form.

You can see a query similar to this by running that and then going to the RESULTS panel (RESULTS primary command) and opening the COMMANDS file (action E for Edit).

In zSecure 3.1, you will see the 0,WRAP discussed above has been added into the basic query[1].

The selection statement in the query is by default
s s=certdata  c=digtcert    

So the query is really formatting data taken from the DIGTCERT CERTDATA profile segment (largely extracted from the actual certificate in the CERT field).

The RA.5.1 panel (C2RP3R5@) includes a selection on Creation date:
Start validity . . . . . ____________  : ____________   (From : To dates,      
End validity . . . . . . ____________  : ____________    yyyy-mm-dd/ddMMMyyyy/ 
Creation date  . . . . . ____________  : ____________    TODAY/TODAY-nn/       
Complex  . . . . . . . . ________  (complex or filter)   TODAY+nn)             

If you fill in a date range in Creation date, an extra newlist is added to do the detail selection, and the (later) query is chained to it via the PROFLIST keyword (which means that you restrict the selection to that of a prior newlist). You will see something like:
000001 n type=racf name=digtprof outlim=0                            
000002 s c=digtcert  (creadate>=2024-01-01 and creadate<=2024-01-31) 
000003 sortlist key                                                  
(where OUTLIM=0 means "generate no actual output") and
000028 N n=DIGTCR53 s=certdata,                                                
000029  tt="Class ",                                                           
000030  required proflist=digtprof,                                            
000031   header=no,                                                            
000032  st="Certificate with creation date between 2024-01-01 and 2024-01-31 " 
000033  s s=certdata  c=digtcert                                               

However, if you are specifically looking for changes, you might also try the / Show differences option on the panel with multiple database snapshots.

I hope this helps.

Regards,

Jeroen


[1] This is also documented in the history log of panel SCKRPLIB(C2RP3R5Z):
/* 220805 3.1.0 R_L J0011077: Print full certificate altname fields   */
/* 220811 3.1.0 R_L J0011122: Show full AltName fields                */
/* 221011 3.1.0 R_L J0011662: Add effective priv keysize              */
/* 240321 3.1.0 EPL J0015958: Extended key usage                      */
/* 240321 3.1.0 EPL J0016205: Update key usage headers                */
/* 240321 3.1.0 EPL J0016332: Remove "HexType" field                  */
where I am showing this at maintenance level
/* FMID: HCKR310 RMID: OA66278 IBM Security zSecure Base 3.1.0        */


This is a very useful report shared by Mr. DeLaat.  Jeroen, Richard, would you be able to make a slight modification to this to show how to only select certificates within a certain date range?  I am trying to figure out how to approach to be able to create a report to show certificates 'added'/'modified'/'deleted',  their activity, based on each month of the year.  Is it an easy modification to Mr. DeLaat's program, or, need to re-think from the bottom up?  

Many thanks for this forum and discussion group. 

Lynn Gilson

Hi Richard,

CARLa fields have a default output length that is used when no overriding specification is provided. For CERTIFICATE_ALT_DOMAIN that is indeed 40.

If you want a different column width, you can specify the number as an override in brackets behind the field name. You can see examples in this query where for example COMPLEX is printed in a column of width 13 while the default is 8 [in this case, as part of the TT or TOPTITLE].

If you want the output "with whatever length it actually has" you can specify the width as 0. Note that this can result in a "ragged column" when the actual lengths in the various records are different, so there are limitations when you use this in any position other than the last one on an output line.

When "just" specifying the width as 0, it is possible for data to fall off at the end of the line when the line length is exceeded. If you still want to ensure that you see all the data, you can add the modifier WRAP to specify that the output should also be wrapped to the next line. In this case, the rest of the output will start in the same column position on the next line(s). You see that this specification has also been used in this query for some other fields.

In this case, the field CERTIFICATE_ALT_DOMAIN is on a line by itself, so it should be fine to change it to:
/ certificate_alt_domain(p,0,wrap),

Note that the P (short for PREFIX) modifier specifies that the field's "prefix header" (in this case "Certificate AltName domain") is printed before the output value. When the line is wrapped, the prefix header is repeated on each line, while the value occurs wrapped behind it as explained above. The prefix header takes up 29 characters [and is followed by a blank]. (This value is fixed so that a list of such fields has their values start in the same column.)

I hope this helps,

--Jeroen

P.S. To see the default properties for the fields, you can use the FIELDS primary command in the ISPF UI, and then first go to BUILTIN, then to the newlist type (in this case RACF), and scroll down to the field (or, say, FIND AltName). That would show you the the prefix header (as "Description") and the 40 ("Len"), among other things.

Hi Lynn,

Mr. De Laat was showing output from menu option RA.5.1 with / Print format and / Full page form.

You can see a query similar to this by running that and then going to the RESULTS panel (RESULTS primary command) and opening the COMMANDS file (action E for Edit).

In zSecure 3.1, you will see the 0,WRAP discussed above has been added into the basic query[1].

The selection statement in the query is by default
s s=certdata  c=digtcert    

So the query is really formatting data taken from the DIGTCERT CERTDATA profile segment (largely extracted from the actual certificate in the CERT field).

The RA.5.1 panel (C2RP3R5@) includes a selection on Creation date:
Start validity . . . . . ____________  : ____________   (From : To dates,      
End validity . . . . . . ____________  : ____________    yyyy-mm-dd/ddMMMyyyy/ 
Creation date  . . . . . ____________  : ____________    TODAY/TODAY-nn/       
Complex  . . . . . . . . ________  (complex or filter)   TODAY+nn)             

If you fill in a date range in Creation date, an extra newlist is added to do the detail selection, and the (later) query is chained to it via the PROFLIST keyword (which means that you restrict the selection to that of a prior newlist). You will see something like:
000001 n type=racf name=digtprof outlim=0                            
000002 s c=digtcert  (creadate>=2024-01-01 and creadate<=2024-01-31) 
000003 sortlist key                                                  
(where OUTLIM=0 means "generate no actual output") and
000028 N n=DIGTCR53 s=certdata,                                                
000029  tt="Class ",                                                           
000030  required proflist=digtprof,                                            
000031   header=no,                                                            
000032  st="Certificate with creation date between 2024-01-01 and 2024-01-31 " 
000033  s s=certdata  c=digtcert                                               

However, if you are specifically looking for changes, you might also try the / Show differences option on the panel with multiple database snapshots.

I hope this helps.

Regards,

Jeroen


[1] This is also documented in the history log of panel SCKRPLIB(C2RP3R5Z):
/* 220805 3.1.0 R_L J0011077: Print full certificate altname fields   */
/* 220811 3.1.0 R_L J0011122: Show full AltName fields                */
/* 221011 3.1.0 R_L J0011662: Add effective priv keysize              */
/* 240321 3.1.0 EPL J0015958: Extended key usage                      */
/* 240321 3.1.0 EPL J0016205: Update key usage headers                */
/* 240321 3.1.0 EPL J0016332: Remove "HexType" field                  */
where I am showing this at maintenance level
/* FMID: HCKR310 RMID: OA66278 IBM Security zSecure Base 3.1.0        */


This is a very useful report shared by Mr. DeLaat.  Jeroen, Richard, would you be able to make a slight modification to this to show how to only select certificates within a certain date range?  I am trying to figure out how to approach to be able to create a report to show certificates 'added'/'modified'/'deleted',  their activity, based on each month of the year.  Is it an easy modification to Mr. DeLaat's program, or, need to re-think from the bottom up?  

Many thanks for this forum and discussion group. 

Lynn Gilson

Hi Richard,

CARLa fields have a default output length that is used when no overriding specification is provided. For CERTIFICATE_ALT_DOMAIN that is indeed 40.

If you want a different column width, you can specify the number as an override in brackets behind the field name. You can see examples in this query where for example COMPLEX is printed in a column of width 13 while the default is 8 [in this case, as part of the TT or TOPTITLE].

If you want the output "with whatever length it actually has" you can specify the width as 0. Note that this can result in a "ragged column" when the actual lengths in the various records are different, so there are limitations when you use this in any position other than the last one on an output line.

When "just" specifying the width as 0, it is possible for data to fall off at the end of the line when the line length is exceeded. If you still want to ensure that you see all the data, you can add the modifier WRAP to specify that the output should also be wrapped to the next line. In this case, the rest of the output will start in the same column position on the next line(s). You see that this specification has also been used in this query for some other fields.

In this case, the field CERTIFICATE_ALT_DOMAIN is on a line by itself, so it should be fine to change it to:
/ certificate_alt_domain(p,0,wrap),

Note that the P (short for PREFIX) modifier specifies that the field's "prefix header" (in this case "Certificate AltName domain") is printed before the output value. When the line is wrapped, the prefix header is repeated on each line, while the value occurs wrapped behind it as explained above. The prefix header takes up 29 characters [and is followed by a blank]. (This value is fixed so that a list of such fields has their values start in the same column.)

I hope this helps,

--Jeroen

P.S. To see the default properties for the fields, you can use the FIELDS primary command in the ISPF UI, and then first go to BUILTIN, then to the newlist type (in this case RACF), and scroll down to the field (or, say, FIND AltName). That would show you the the prefix header (as "Description") and the 40 ("Len"), among other things.