Add User Certificate (QSYADDUC, QsyAddUserCertificate) API
Required Parameter Group for QSYADDUC:
| 1 | User profile | Input | Char(10) |
| 2 | Certificate | Input | Char(*) |
| 3 | Type | Input | Binary(4) |
| 4 | Length of certificate | Input | Binary(4) |
| 5 | Error code | I/O | Char(*) |
Default Public Authority: *USE
Threadsafe: Yes
Syntax for QsyAddUserCertificate:
#include <qsydigid.h>
void QsyAddUserCertificate
(char *User_profile,
char *Certificate,
int Type,
int Length_of_certificate,
void *Error_code);
Service Program: QSYDIGIDDefault Public Authority: *USE
Threadsafe: Yes
The Add User Certificate (OPM, QSYADDUC; ILE, QsyAddUserCertificate) API associates a certificate with an IBM i user profile.
A common scenario is that only one certificate is associated with an IBM i user profile at any given time, but more than one certificate may be associated with the same IBM i user profile if each certificate is unique. A reason for having more than one certificate associated with an IBM i user profile may be that the first certificate is about to expire. The same certificate is not allowed to be associated with more than one IBM i user profile.
Because certificates vary in length, the actual number of certificates that can be listed using the List User Certificates API will also vary. Depending on the length of each of the certificates, no more than a few hundred certificates should be added to an IBM i user profile or incomplete results may be returned when attempting to use the List User Certificates API to list certificates that are associated with the IBM i user profile.
Authorities and Locks
- User Profile Authority
- If the user profile specified is not the user profile that is currently running, then *SECADM special authority and *USE and *OBJMGT authorities to the user profile are required.
Required Parameter Group
- User profile
- INPUT; CHAR(10)
The name of the user profile that will hold the certificate.
The following is also a valid selection for the user profile:
*CURRENT The user profile that is currently running.
- Certificate
- INPUT; CHAR(*)
The entire certificate in Abstract Syntax Notation 1 Distinguished Encoding Rules (ASN.1 DER) format. This is not a text string. This certificate is associated with the user profile.
- Type
- INPUT; BINARY(4)
The type or format of the certificate.
The possible types are:
1 Entire X.509 public key certificate in ASN.1 DER encoding. 3 Base 64 encoded version of the entire X.509 public key certificate in ASN.1 DER encoding. Note that the characters of the Base 64 encoding are the ASCII representation and not the EBCDIC representation.
- Length of certificate
- INPUT; BINARY(4)
The length of the certificate.
- Error code
- I/O; CHAR(*)
The structure in which to return error information. For the format of the structure, see Error code parameter.
Error Messages
| Message ID | Error Message Text |
|---|---|
| CPFA0AA E | Error occurred while attempting to obtain space. |
| CPF1F41 E | Severe error occurred while addressing parameter list. |
| CPF2204 E | User profile &1 not found. |
| CPF2213 E | Not able to allocate user profile &1. |
| CPF2217 E | Not authorized to user profile &1. |
| CPF2222 E | Storage limit is greater than specified for user profile &1. |
| CPF227A E | Certificate type is not valid. |
| CPF227B E | Certificate is not correct for the specified type. |
| CPF227C E | Certificate association already exists. |
| CPF3BFF E | Required option &1 is not available. |
| CPF3CF1 E | Error code parameter not valid. |
| CPF3CF2 E | Error(s) occurred during running of &1 API. |
| CPF3C1D E | Length specified in parameter &1 not valid. |
| CPF3C1E E | Required parameter &1 omitted. |
| CPF3C36 E | Number of parameters, &1, entered for this API was not valid. |
| CPF3C90 E | Literal value cannot be changed. |
| CPF4AB9 E | User certificate function not successful. |
| CPF9872 E | Program or service program &1 in library &2 ended. Reason code &3. |
API introduced: V4R2
[ Back to top | Security APIs | APIs by category ]