IBM Security Z Security


Listing Digital Certificate Keyrings Question

  • 1.  Listing Digital Certificate Keyrings Question

    Posted Thu April 21, 2022 10:03 AM

    A native RACF command of "racdcert listring(*) id(userid)" will show the actual userID of personal certificates that are connected to the keyrings in the cert owner column.

    Certificate Label Name             Cert Owner     USAGE      DEFAULT
    --------------------------------   ------------   --------   -------
    CA LABEL NAME                      CERTAUTH       CERTAUTH     NO
    PERSONAL CERT NAME                 ID(userid)     PERSONAL     NO


    The CARLa code generated by RA.5.6 doesn't include a cert owner column though and I didn't find one searching in the FIELDS8 built-in option. Is it possible to include the userID of the personal cert that is connected to the keyring in a zSecure keyring report?

     

    The produced zSecure report shows these column headings:

    Digital certificate labels       Usage    Dflt Digital certificate names
    --------------------------       -----    ---- -------------------------

    N n=DIGTRR3  s=certdata,
     tt="Class ",
     required ,
      header=no st="All key rings "
    define #ringowner("Owner") as word(key,1,".")
    define #ringname("Key ring name") as parse(key,".")
     s s=certdata  c=DIGTRING
     sortlist,
     / "Key ring identification"(ch),
     / "-----------------------"(ch),
     / "Key ring owner"(fp,29) #ringowner(d,wrap,et),
     / "Key ring name"(fp,29) #ringname(0,d,wrap,et),
     / :creadate(p,d,9),
     / complex(p,d,0),
       ,
       / certlabl(header,cp(5)) certusag certdflt certname
    \/
    /*

     

    Richard A. De Laat

     

     



  • 2.  RE: Listing Digital Certificate Keyrings Question

    Posted Thu April 28, 2022 10:46 AM
    Unfortunately, this is currently not completely possible due to the fact that the information you want is scattered over 4 different segments/profiles. Using the new (2.5.0) CERTIFICATE newlist, you can get a report about the keyring, with a list of the certificates, including the owner. But it is not possible to get all the other fields from the keyring (like the creation date). I created the basic report using:

    n type=certificate, t="keyrings with certificates"
    define #ringowner("RingOwnr",8) as,
    word(named_keyring,1,".")
    define #ringname("Keyring name") as ,
    parse(named_keyring,".")
    s exists(#ringowner)
    summary complex * ,
    #ringowner * ,
    #ringname * ,
    certificate_owner("CertOwnr",8),
    certificate_label count(nd)

    ------------------------------
    Guus Bonnes
    ------------------------------
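
Added example, not code from either poster or from zSecure: the RACDCERT LISTRING table quoted in the first post can also be parsed outside CARLa to pair each key ring with the owner of every connected certificate. The sample input is constructed; the "Digital ring information" and "Ring:" header lines, the ring name, labels, user IDs and the helper names parse_listring and foreign_personal are assumptions.

```python
import re

# Constructed sample: table layout as quoted in the first post; the header
# lines ("Digital ring information", "Ring:"), names and IDs are assumptions.
SAMPLE = """\
Digital ring information for user WEBSRV:

  Ring:
       >TLS.RING<
  Certificate Label Name             Cert Owner     USAGE      DEFAULT
  --------------------------------   ------------   --------   -------
  Example Root CA                    CERTAUTH       CERTAUTH     NO
  Web Server Cert 2022               ID(WEBSRV)     PERSONAL     YES
  Batch Signing Cert                 ID(BATCHID)    PERSONAL     NO
"""

OWNER = re.compile(r"^(?:CERTAUTH|SITE|ID\((?P<user>[^)]+)\))$")

def parse_listring(text):
    """Return one dict per certificate connected to a key ring."""
    rows, ring_owner, ring = [], None, None
    for line in text.splitlines():
        s = line.strip()
        m = re.match(r"Digital ring information for user (\S+?):?$", s)
        if m:
            ring_owner = m.group(1)
        elif s.startswith(">") and s.endswith("<"):
            ring = s[1:-1]
        else:
            # Labels may contain blanks, the last three columns may not,
            # so split from the right instead of on every run of spaces.
            parts = s.rsplit(None, 3)
            if len(parts) == 4 and OWNER.match(parts[1]) and parts[3] in ("YES", "NO"):
                rows.append(dict(ring_owner=ring_owner, ring=ring, label=parts[0],
                                 cert_owner=parts[1], usage=parts[2],
                                 default=parts[3] == "YES"))
    return rows

def foreign_personal(rows):
    """PERSONAL-usage certificates owned by a user other than the ring owner."""
    out = []
    for r in rows:
        m = OWNER.match(r["cert_owner"])
        if r["usage"] == "PERSONAL" and m.group("user") not in (None, r["ring_owner"]):
            out.append((r["ring"], r["label"], m.group("user")))
    return out

if __name__ == "__main__":
    print(foreign_personal(parse_listring(SAMPLE)))
```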