Sample certificate request record
Object key = 12035
name = "weglinsk@us.ibm.com"
tid = 1kRk91pnjIgpVkndWBrf3lk+
appldata = 1YKRC
comment =
data len = 1664
flags = 2021010 - Type = Cert State = CA CertSigned NeedsConfirm
Creation time is: 2013/05/02 13:37:00
Last modified time is: 2013/05/02 13:37:25
- Object key
- The index into the VSAM data set name.
- name
- The requestor's name.
- tid
- The transaction ID data.
- appldata
- Indicates the 8-character string identifying to the application the short name or nickname of the certificate template. (PKI Services provides sample certificate templates but it is RACF®, or an equivalent security product, rather than PKI Services, that handles the SAF templates.) Table 1 shows the nicknames for each certificate template. (These nicknames are supplied in the pkiserv.tmpl certificate templates file as defaults but your installation might have changed them or added others during customization. See TEMPLATE sections for more information.)
- comment
- A comment the administrator supplied the last time that the request was updated.
- data len
- The length of the variable data portion (that is, the BER-encoded request).
- flags
- Represent the current state of the request:
- Type
- Cert
- Certificate request (new or renewal).
- CRL
- Certificate revocation list (CRL).
- Rev
- Revocation request.
- Post
- Certificate waiting to be posted to LDAP.
- State
- The prefix (RA or CA) and one
of the following values:
- CertPreregistered
- Certificate preregistration record.
- CertReqActive
- Certificate request in some state of being completed.
- CertSigned
- Certificate request where the certificate has been created.
- CertReqRejected
- Certificate request that has been rejected.
- RevReqActive
- Revocation request in some state of being completed.
- CRLWaitingForRA
- CRL to be posted to LDAP.
- CertPostPending
- Certificate to be posted to LDAP.
- CaInfoPostPending
- PKI Services' CA certificate to be posted to LDAP.
- State Flag
- Optional. If present, is one of the following values:
- Complete
- Request is complete. For approved requests, the end user has retrieved the certificate.
- Error
- The certificate could not be posted to LDAP.
- NeedsConfirm
- Approved or rejected. End user has yet to be notified of the outcome.
- AutoRenewEnabled
- The certificate returned automatic renewal and this capability is enabled.
- AutoRenewCapable
- The certificate returned active certificates capable for auto renewal but disabled.
- Synchronous
- Request is an in-progress synchronous certificate request.