z/OS Cryptographic Services PKI Services Guide and Reference
Previous topic | Next topic | Contents | Contact z/OS | Library | PDF


Using the postcerts utility

z/OS Cryptographic Services PKI Services Guide and Reference
SA23-2286-00

Purpose

The postcerts program creates LDAP posting objects for certificates, which the PKI Services daemon later posts to an LDAP directory. (The PostInterval parameter in the LDAP section of the configuration file determines when the posting occurs.) You can use this utility if you have created certificates that PKI Services did not automatically post to an LDAP directory; for example if you created certificates before you configured PKI Services to automatically post them.

Path setup

Update your PATH, LIBPATH, and NLSPATH environment variables with the appropriate pkiserv directory before you run postcerts. (Note that you are updating the environment variables for the user running the utility, not updating values in the PKI Services environment variables file, pkiserv.envars.) After you have updated these variables, you can run postcerts from the UNIX command line.
Variable name You must add …
PATH /install-dir/pkiserv/bin
LIBPATH /install-dir/pkiserv/lib
NLSPATH /install-dir/pkiserv/lib/nls/msg/%L/%N
The default directory for install-dir is /usr/lpp.

Format

postcerts –s serial-numbers [-D CA-domain-name] [-c comment]

Parameters

–s serial-numbers
The serial numbers of the certificates to be posted. This parameter contains one or more serial number specifiers, separated by commas, where a serial number specifier can be:
  • A single serial number
  • Two serial numbers separated by a dash, indicating a range of serial numbers
-D CA-domain-name
The 1-8 character name of the CA domain for which certificates are to be posted. The name can be entered using uppercase or lowercase letters. This option is required only if PKI Services is running with multiple CA domains.
-c comment
A comment to be stored in the issued certificate list (ICL).

Examples

To post a single certificate with serial number X'17':
postcerts –s 17
To post multiple certificates with a comment:
postcerts –s 17,18,8A –c ‘Posting Certificates for Coop’
To post certificates whose serial numbers are in the range X'20' to X'3B':
postcerts –s 20-3B
To post certificates whose serial numbers are in the ranges X'20' to X'3B' and to also post a single certificate with serial number X'17':
postcerts –s 20-3B,17
Parent topic: Using PKI Services utilities

Go to the previous page Go to the next page

Notices | Terms of use | Support | Contact z/OS | zFavorites



Copyright IBM Corporation 1990, 2014