Previous topic |
Next topic |
Contents |
Contact z/OS |
Library |
PDF
Steps for administering HostIdMappings extensions z/OS Cryptographic Services PKI Services Guide and Reference SA23-2286-00 |
|
Perform the following steps to allow the Web server to accept logins from clients who have been issued PKI Services certificates with HostIdMappings extensions:
Note: On a z/OS system,
a HostIdMappings extension is not honored if the
target user ID was created after the start of the validity period
for the certificate containing the HostIdMappings extension.
Therefore, if you are creating user IDs specifically for certificates
with HostIdMappings extensions, make sure that you
create the user IDs before the certificate requests are submitted.
Alternately, when approving the certificate, you can modify the date
the certificate becomes valid so that it is not earlier than the date
the user ID was created. For renewed certificates, all the original
information is replicated in the new certificate, including the date
the certificate becomes valid and any HostIdMappings.
If you want to change a HostIdMappings extension
when approving the renewed certificate, you must also modify the date
the certificate becomes valid so that it is not earlier than the date
the user ID was created.
See z/OS Security Server RACF Command Language Reference for details about syntax and authorization required for using the RACDCERT command. |
Copyright IBM Corporation 1990, 2014
|