Using the vsam2db2 utility

Purpose

The vsam2db2 program copies data from the issued certificate list (ICL) and object store VSAM data sets into DB2® tables. Use this utility if you have been using VSAM data sets for the ICL and object store and want to use DB2 tables instead. Run vsam2db2 when PKI Services is not running. You must create the DB2 tables before you run vsam2db2. For more information, see Converting the object store and ICL from VSAM to DB2.

Path setup

Update your PATH, LIBPATH, and NLSPATH environment variables with the appropriate pkiserv directory before you run vsam2db2. (Note that you are updating the environment variables for the user running the utility, not updating values in the PKI Services environment variables file, pkiserv.envars.) When you have updated these variables, you can run vsam2db2 from the UNIX command line.
Variable name You must add …
PATH /install-dir/pkiserv/bin
LIBPATH /install-dir/pkiserv/lib
NLSPATH /install-dir/pkiserv/lib/nls/msg/%L/%N
The default directory for install-dir is /usr/lpp.

Format

vsam2db2 -o ostvsam-dataset-name -i iclvsam-dataset-name [-r]  
         -b db2-subsystem-name -k db2-package-name 
         [-D CA-domain-name] [-a]

Parameters

-o ostvsam-dataset-name
Specifies the MVS™ data set name of the VSAM object store.
-i iclvsam-dataset-name
Specifies the MVS data set name of the VSAM issued certificate list (ICL).
-r
Specifies that the VSAM data set is to be opened in record-level sharing (RLS) mode.
-b db2-subsystem-name
Specifies the DB2 subsystem name or the group attachment name of the object store and issued certificate list (ICL)
-k db2-package-name
Specifies the DB2 package name of the object store and issued certificate list (ICL)
-D CA-domain-name
Specifies the CA domain name
-a
If specified, all records in the object store and issued certificate list (ICL) are copied from the VSAM data sets to the DB2 tables. If not specified:
  • For the object store, all objects except completed certificate request objects are copied.
  • For the ICL, all certificate objects except expired certificates for which the user provided the public key are copied.
Note: It takes longer to run the utility with the -a option if you did not remove the completed certificate requests and the expired certificates for which the user provided the public key from the VSAM data sets.

Examples

In this sample script, the object store for the domain MasterCA is in the VSAM file pkisrvd.vsam.ost, and the ICL is in the VSAM file pkisrvd.vsam.icl. They are to be copied to DB2 tables in the DB2 subsystem DSN9 and the DB2 package MasterCA. The VSAM data sets are to be opened in RLS mode. All records in the VSAM data sets are to be copied, including those for completed requests and expired certificates.
vsam2db2 -o \'pkisrvd.vsam.ost\' \
         -i \'pkisrvd.vsam.icl\' \
         -b DSN9 \
         -k MasterCA \
         -r \
         -D MasterCA \
         -a

Output

As the vsam2db2 utility runs, it reports its progress. For every 2000 records that are copied from VSAM data sets to DB2 tables, the utility reports the total number of records copied.

If an error occurs, vsam2db2 displays a count of processed records and a count of copied records. (If -a is specified, these counts should be the same.)

Parent topic: Using PKI Services utilities