z/OS Cryptographic Services PKI Services Guide and Reference


Summary of fields in certificate templates

SA23-2286-00

The tables in this topic summarize the fields contained in each certificate template that PKI Services provides.
| Certificate templates | Fields |
|---|---|
| Fields in the PKI browser certificate templates | Table 1 |
| Fields in the PKI server certificate templates | Table 2 |
| Fields in the SAF (browser and server), SCEP, and PKI generated key certificate templates | Table 3 |
Table 1, Table 2, and Table 3 identify each template field as one of the following:
  • Required
  • Optional
  • Provided by the application
  • Constant (supplied value is shown)
  • Blank (field is not present in either the CONTENT or CONSTANT section)
Table 1. Summary of fields for PKI browser certificate templates
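| Field name | One-year PKI SSL browser | One-year PKI S/MIME browser | Two-year PKI browser for z/OS® | Two-year PKI Windows logon certificate | n-year PKI browser extensions demonstration |
|---|---|---|---|---|---|
| AltDomain | | | | | Optional |
| AltEmail | | Required | | Optional | |
| AltIPAddr | | | | | Optional |
| AltOther_OID | | | | Constant (see note 1) | Optional |
| AltURI | | | | | Optional |
| AuthInfoAcc | | | | | Constant (see note 2) |
| BusinessCat | | | | | |
| CertPolicies | | | | | Constant: 1 |
| ClientName | | | | | |
| CommonName | Required | | Constant (see note 3) | Optional | |
| Country | | | | | Optional |
| Critical | | | | | |
| CustomExt | | | | | Optional |
| DomainName | | | | | Optional |
| DNQualifier | | | | | Optional |
| EmailAddr | | | | | Optional |
| ExtKeyUsage | Constant: clientauth | | Constant: clientauth | Constants: clientauth and mssmartlogon | Optional |
| HostIdMap (see note 4) | | | Application provides | | Optional |
| JurCountry | | | | | |
| JurLocality | | | | | |
| JurStateProv | | | | | |
| KeySize | | | | | |
| KeyUsage | Constant: handshake | | | Constant: digitalSig | Required |
| Label | | | | | Optional |
| Locality | | | | | Optional |
| Mail (previously called Email) | | | | | Optional |
| NotAfter | Constant: 365 | | Constant: 730 | | Optional |
| NotBefore | Constant: 0 | | | | Optional |
| NotifyEmail | Optional | | | | |
| Org | Constant: The Firm | | | | Optional |
| OrgUnit | Constant: Class 1 Internet Certificate CA | | | | Required |
| OrgUnit2 | | | | | Optional |
| PassPhrase | Required | | | | |
| PostalCode | | | | | Optional |
| PublicKey | Browser provided (see note 5) | | | | |
| PublicKey2 | | | | Browser provided (see note 5) | |
| Requestor | Optional | | | | |
| SerialNumber | | | | | Optional |
| SignWith | Constant: PKI: | | | | |
| StateProv | | | | | Optional |
| Street | | | | | Optional |
| Title | | | | | Optional |
| Uid | | | | | Optional |
| UnstructAddr | | | | | Optional |
| UnstructName | | | | | Optional |
| UserId | | | Application provides | | |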
Note:
  1. The constant value is _1_3_6_1_4_1_311_20_2_3.
  2. The constant value is OCSP,URL=https://IV.OCSP.BankXYZ.com.
  3. Although CommonName is a constant, no value is assigned to it. This indicates that RACF® must determine the value. The user authenticates by specifying a user ID and password. (If UserId is listed in the APPL section, this means the application provides the user ID and password.) Providing the user ID and password enables RACF to look up the CommonName value in the user's profile.
  4. The HostIdMap value is formed by concatenating UserId with @host-name.
  5. The PublicKey and PublicKey2 fields are coded with the browsertype substitution variable.
Table 2. Summary of fields for PKI server certificate templates
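| Field name | Two-year EV SSL server | Two-year PKI Authenticode code signing server | Five-year PKI SSL server | Five-year PKI IPSEC server (firewall) | Five-year PKI intermediate CA server |
|---|---|---|---|---|---|
| AltDomain | Optional | | Optional | | |
| AltEmail | Optional | Required | Optional | | |
| AltIPAddr | Optional | | Optional | | |
| AltOther_OID | | | | | |
| AltURI | Optional | | Optional | | |
| AuthInfoAcc | | Constant (see note 1) | | | |
| BusinessCat | Optional | | | | |
| CertPolicies | | Constant: 1 | | | |
| ClientName | | | | | |
| CommonName | Required | Constant: My Company Code Signing Certificate | Optional | | |
| Country | Required | | Optional | | |
| Critical | | Constant: ExtKeyUsage | | | |
| CustomExt | | | | | |
| DNQualifier | | | | | |
| DomainName | | | | | |
| EmailAddr | | | | | |
| ExtKeyUsage | | Constant: codesigning | Constant: serverauth | | |
| HostIdMap (see note 2) | | | | | |
| JurCountry | Required | | | | |
| JurLocality | Optional | | | | |
| JurStateProv | Optional | | | | |
| KeySize | | | | | |
| KeyUsage | | Constants: digitalsig and docsign | Constant: handshake | Constants: handshake and dataencrypt | Constant: certsign |
| Label | | | | | |
| Locality | Required | | Optional | | |
| Mail (previously called Email) | Optional | | | | |
| NotAfter | | Constant: 730 | Constant: 1825 | | |
| NotBefore | | Constant: 0 | | | |
| NotifyEmail | Optional | Required | | Optional | |
| Org | Required | Constant: The Firm | Optional | | |
| OrgUnit | Required | Optional | | | |
| OrgUnit2 | | | Optional | | |
| PassPhrase | Required | | | | |
| PostalCode | Optional | | Optional | | |
| PublicKey | Required | | | | |
| PublicKey2 | | | | | |
| Requestor | Optional | | | | |
| SerialNumber | Required | | | | |
| SignWith | | Constant: PKI: | | | |
| StateProv | Required | | Optional | | |
| Street | Optional | | Optional | | |
| Title | | | | | |
| Uid | | | | | |
| UnstructAddr | | | | | |
| UnstructName | | | | | |
| UserId | | | | | Application provides |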
Note:
  1. The constant value is OCSP,URL=https://ocsp.vendor.com.
  2. The HostIdMap value is formed by concatenating UserId with @host-name.
Table 3. Summary of fields for SAF, SCEP, and PKI generated key certificate templates
| Field name | One-year SAF server | One-year SAF browser | Five-year SCEP preregistration | One-year PKI generated key |
|---|---|---|---|---|
| AltDomain | Optional | | | |
| AltEmail | Optional | | | |
| AltIPAddr | Optional | | | |
| AltOther_OID | | | | |
| AltURI | Optional | | Optional | |
| AuthInfoAcc | | | | |
| BusinessCat | | | | |
| CertPolicies | | | | |
| ClientName | | | Required | |
| CommonName | Optional | Constant (see note 1) | Optional | Required |
| Country | Required | Constant: US | Optional | |
| Critical | | | | |
| CustomExt | | | | |
| EmailAddr | | | Optional | |
| ExtKeyUsage | | | Optional | |
| HostIdMap (see note 2) | | | Optional | |
| JurCountry | | | | |
| JurLocality | | | | |
| JurStateProv | | | | |
| KeySize | | | | Required |
| KeyUsage | | | Optional | Constant: handshake |
| Label | Required | | Optional | |
| Locality | Optional | | Optional | |
| Mail (previously called Email) | | | Optional | |
| NotAfter | Constant: 365 | | Constant: 1825 | Constant: 365 |
| NotBefore | Constant: 0 | | | |
| NotifyEmail | | | Optional | |
| Org | Required | Constant: The Firm | Optional | Constant: The Firm |
| OrgUnit | Required | Constants: OrgUnit=SAF template certificate and OrgUnit=Nuts and Bolts Division | Optional | Constant: Class 1 Internet Certificate CA |
| OrgUnit2 | Optional | | Optional | |
| PassPhrase | | | Required | Required |
| PostalCode | | | Optional | |
| PublicKey | Required (see note 3) | Browser provided (see note 4) | Optional | |
| PublicKey2 | | | | |
| Requestor | | | Optional | Required |
| SerialNumber | | | Optional | |
| SignWith | Constant: SAF:CERAUTH/taca | | Constant: PKI: | Constant: PKI: |
| StateProv | Optional | | Optional | |
| Street | | | Optional | |
| Title | | | Optional | |
| UnstructAddr | | | Optional | |
| UnstructName | | | Optional | |
| UserId | Application provides | | | |
Note:
  1. Although CommonName is a constant, no value is assigned to it. This indicates that RACF must determine the value. The user authenticates by specifying a user ID and password. (If UserId is listed in the APPL section, this means the application provides the user ID and password.) Providing the user ID and password enables RACF to look up the CommonName value in the user's profile.
  2. The HostIdMap value is formed by concatenating UserId with @host-name.
  3. The PublicKey is the PKCS #10 request.
  4. The PublicKey field is coded with the browsertype substitution variable.





Copyright IBM Corporation 1990, 2014