Previous topic |
Next topic |
Contents |
Contact z/OS |
Library |
PDF
Using the createcrls utility z/OS Cryptographic Services PKI Services Guide and Reference SA23-2286-00 |
|||||||||
PurposeThe createcrls program initiates the task that creates certificate revocation lists (CRLs). Later, depending on how PKI Services is configured, the PKI Services daemon either posts the CRLs to an LDAP server (for LDAP) or saves them in the HFS (for the URI format). (The PostInterval parameter in the LDAP section of the configuration file determines when the posting to LDAP occurs.) You can use this program to create a CRL immediately, instead of waiting for PKI Services to do it automatically based on the TimeBetweenCRLs parameter in the configuration file. Path setupUpdate your PATH, LIBPATH, and
NLSPATH environment variables with the appropriate pkiserv directory
before you run createcrls. (Note that you are updating
the environment variables for the user running the utility, not updating
values in the PKI Services environment
variables file, pkiserv.envars.) Once you have updated
these variables, you can run createcrls from the UNIX command line.
Format
Parameters
ExamplesTo create a CRL for the domain mydomain and
post the CRL to LDAP, enter the command:
To
create a CRL and post it to LDAP if you are not running PKI Services with multiple
CA domains, enter the command:
|
Copyright IBM Corporation 1990, 2014
|