Add Verifier (QYDOADDV, QydoAddVerifier) API


  Required Parameter Group:

1   Certificate path name              Input   Char(*)
2   Length of certificate path name    Input   Binary(4)
3   Format of certificate path name    Input   Char(8)
4   Certificate label                  Input   Char(*)
5   Length of certificate label        Input   Binary(4)
6   Error code                         I/O     Char(*)

  Service Program Name: QYDOADD1

  Default Public Authority: *USE

  Threadsafe: No

The Add Verifier (OPM, QYDOADDV; ILE, QydoAddVerifier) API adds a certificate to the local system's *SIGNATUREVERIFICATION certificate store that the local system can use later to verify the integrity of objects on the system. This certificate represents the system or company that has signed objects that the local system will want to use. Object signatures are used to detect changes to an object that affect the integrity of that object. Object signatures also identify the origin of the object; that is, which system or company the object came from.

Note: If the certificate store does not exist, it will be created with a certificate store password of "VERIFYSIGNATURE". This password should be changed as soon as possible to a non-trivial password using the Digital Certificate Manager.


Authorities and Locks

Authority Required
*ALLOBJ and *SECADM special authorities. In addition, the "allow certificate updates" option must be set on the service tools menu.
Locks
The object containing the certificate is locked exclusive no read.

Required Parameter Group

Certificate path name
INPUT; CHAR(*)

The path name of the stream file that has the certificate you wish to add to the *SIGNATUREVERIFICATION certificate store on the local system. This certificate store is a list of certificates the local system uses to verify the integrity of signed objects. If you are using format OBJN0100, this parameter is assumed to be represented in the coded character set identifier (CCSID) currently in effect for the job. If the CCSID of the job is 65535, this parameter is assumed to be represented in the default CCSID of the job.

Length of certificate path name
INPUT; BINARY(4)

The length of the contents of the certificate path name parameter. If the format of certificate path name is OBJN0200, this field must include the QLG path name structure in addition to the path name itself. If the format of the certificate path name is OBJN0100, only the path name itself is included.

Format of certificate path name
INPUT; CHAR(8)

The format of the certificate path name parameter.

OBJN0100 The certificate path name is a simple path name.
OBJN0200 The certificate path name is an LG-type path name.

Certificate label
INPUT; CHAR(*)

Names the certificate that will be stored in the database. This label must be unique in the database; you cannot have another certificate with the same name in the database.

This certificate should have been created by exporting a verification certificate from the *OBJECTSIGNING certificate store on the system that signed the objects or buffers to be verified. A certificate exported any other way cannot be used by this API. Digital Certificate Manager (DCM) can be used for several file formats, including this format. DCM must be used if other file formats are used.

This certificate should not have been signed by a local Certificate Authority (CA). This API does not support adding CA certificates. DCM will need to be used to import CA certificates prior to using this API to add certificates from those CAs. The certificate stores come with several Internet CA certificates already installed.

Length of certificate label
INPUT; BINARY(4)

The length of the contents of the certificate label parameter.

Error code
I/O; CHAR(*)

The structure in which to return error information. For the format of the structure, see Error code parameter.


Error Messages

Message ID   Error Message Text
CPF222E E    User profile does not have *SECADM (or *ALLOBJ) special authority.
CPFA0A9 E    Object not found. Object is &1.
CPFB724 E    Option &2 of the operating system is required to work with object signatures.
CPFB73A E    The password for the certificate key database needs to be set.
CPF9EA2 E    Certificate is not in a supported format. This certificate may have been exported from the *SIGNATUREVERIFICATION certificate store instead of the *OBJECTSIGNING certificate store.
CPF9EA6 E    Function &1 cannot be used. The function specified is one that is currently prevented from being used.
CPF9EB0 E    Certificate with label &2 is already in the certificate store.
CPF9EB2 E    A Certificate Authority (CA) certificate cannot be added using this API.
CPF9EB3 E    The issuer of the certificate may not be in the certificate store. Certificate was not added.
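
The following CL program is an added example, not part of IBM's documentation: it calls the OPM entry point QYDOADDV with format OBJN0100 and monitors for the certificate-store errors listed above. The stream file path, the label, and the QSYS library qualifier are assumptions; the error code has bytes provided set to 0, so failures are signalled as escape messages.

```cl
/* Added example, not IBM's code. Path and label are constructed values. */
PGM
  DCL VAR(&PATH)    TYPE(*CHAR) LEN(23) VALUE('/tmp/vendor_verify.cert')
  DCL VAR(&PATHLEN) TYPE(*INT)  LEN(4)  VALUE(23)  /* length of &PATH  */
  DCL VAR(&FORMAT)  TYPE(*CHAR) LEN(8)  VALUE('OBJN0100')
  DCL VAR(&LABEL)   TYPE(*CHAR) LEN(13) VALUE('VENDOR_VERIFY')
  DCL VAR(&LBLLEN)  TYPE(*INT)  LEN(4)  VALUE(13)  /* length of &LABEL */
  /* Error code with bytes provided = 0: errors arrive as escape msgs  */
  DCL VAR(&ERRCODE) TYPE(*CHAR) LEN(8)  VALUE(X'0000000000000000')
  DCL VAR(&REASON)  TYPE(*CHAR) LEN(80)

  /* Library QSYS is assumed; qualifying avoids a library-list lookup  */
  /* The job needs *ALLOBJ and *SECADM special authorities             */
  CALL PGM(QSYS/QYDOADDV) +
       PARM(&PATH &PATHLEN &FORMAT &LABEL &LBLLEN &ERRCODE)
  MONMSG MSGID(CPF9EB0) EXEC(DO)  /* label already in the store */
    /* Same label does not prove same certificate: check it in DCM */
    CHGVAR VAR(&REASON) VALUE('Label in use; compare certificate in DCM')
    GOTO CMDLBL(FAILED)
  ENDDO
  MONMSG MSGID(CPF9EB3) EXEC(DO)  /* issuer may not be in the store */
    CHGVAR VAR(&REASON) VALUE('Import issuing CA with DCM, then retry')
    GOTO CMDLBL(FAILED)
  ENDDO
  MONMSG MSGID(CPF9EB2) EXEC(DO)  /* CA certificate passed to the API */
    CHGVAR VAR(&REASON) VALUE('CA certificate; import it with DCM')
    GOTO CMDLBL(FAILED)
  ENDDO
  MONMSG MSGID(CPF9EA2) EXEC(DO)  /* unsupported format or wrong store */
    CHGVAR VAR(&REASON) VALUE('Re-export from *OBJECTSIGNING store')
    GOTO CMDLBL(FAILED)
  ENDDO

  /* If the store was created by this call, its password is the       */
  /* documented default and should be changed in DCM                  */
  SNDPGMMSG MSG('Verifier certificate added') MSGTYPE(*COMP)
  RETURN

FAILED:
  SNDPGMMSG MSGID(CPF9898) MSGF(QCPFMSG) MSGDTA(&REASON) +
            MSGTYPE(*ESCAPE)
ENDPGM
```

Errors not monitored here, such as CPF222E or CPFA0A9, are left unhandled so that they surface to the caller unchanged.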



API introduced: V5R2
