Register Application for Certificate Use Exit Program
Required Parameter Group:
| 1 | Register application exit information | Input | Char(*) |
| 2 | Register indicator | Output | Char(1) |
QSYSINC Member Name: ESYRGAPP
Exit Point Name: QIBM_QSY_CERT_APPS
Exit Point Format Name: RGAP0100
The Register Application for Certificate Use exit program is called when the registration information for an application is changed using the Register Application for Certificate Use (QSYRGAP, QsyRegisterAppForCertUse) API, the Add Exit Program (QUSADDEP, QusAddExitProgram) API, or the Add Exit Program (ADDEXITPGM) command.
When the information for a registered application is being changed, the user-written exit program associated with the registered application is called. The exit point supports an unlimited number of applications, but only one exit program for each application. (For information about registering an application that uses certificates, see Register Application for Certificate Use (QSYRGAP, QsyRegisterAppForCertUse) API.)
Note: The Register Application For Certificate Use exit point does not change the application information if the user-written exit program indicates that the change operation is not allowed. If the exit program does not exist or cannot be called because of the multithreaded job action value, then the application information is changed.
Authorities and Locks
- Authority to Exit Program Library
- *EXECUTE
- Authority to Exit Program
- *USE
Required Parameter
- Register application exit information
- INPUT; CHAR(*)
Information needed by the exit program for notification of any changes to a registered application. For details, see Format of Register Application Exit Information.
- Register indicator
- OUTPUT; CHAR(1)
An indicator set by the exit program as to whether the change of the application information is allowed. The possible values follow:
0 The application information will not be changed. 1 The application information will be changed.
Format of Register Application Exit Information
The following table shows the structure of the register application information for format RGAP0100. For a description of the fields in this format, see Field Descriptions.
| Offset | Type | Field | |
|---|---|---|---|
| Dec | Hex | ||
| 0 | 0 | CHAR(20) | Exit point name |
| 20 | 14 | CHAR(8) | Exit point format name |
| 28 | 1C | CHAR(100) | Application ID |
| 128 | 80 | CHAR(1) | Current client authentication required value |
| 129 | 81 | CHAR(1) | New client authentication required value |
| 130 | 82 | CHAR(1) | Current client authentication supported value |
| 131 | 83 | CHAR(1) | New client authentication supported value |
| 132 | 84 | CHAR(1) | Current limit CA certificates trusted value |
| 133 | 85 | CHAR(1) | New limit CA certificates trusted value |
 134 |
86 | CHAR(1) | Current perform certificate revocation processing value |
| 135 |
87 | CHAR(1) | New perform certificate revocation processing value |
| 136 |
88 | Array(10) of CHAR(1) | Current secure sockets layer (SSL) protocol values |
| 146 |
92 | Array(10) of CHAR(1) | New secure sockets layer (SSL) protocol values |
| 156 |
9C | Array(64) of CHAR(2) | Current secure sockets layer (SSL) cipher specifications list values |
| 220 |
DC | Array(64) of CHAR(2) | New secure sockets layer (SSL) cipher specifications list values |
| 284 |
11C | Array(32) of CHAR(1) | Current secure sockets layer (SSL) signature algorithm values |
| 316 |
13C | Array(32) of CHAR(1) | New secure sockets layer (SSL) signature algorithm values |
| 348 |
15C | CHAR(1) | Current perform Online Certificate Status Protocol (OCSP) checking value |
| 349 |
15D | CHAR(1) | New perform Online Certificate Status Protocol (OCSP) checking value |
| 350 |
15E | CHAR(128) | Current Online Certificate Status Protocol (OCSP) URL value |
| 478 |
1DE | CHAR(128) | New perform Online Certificate Status Protocol (OCSP) URL value |
| 606 |
25E | CHAR(1) | Current extended renegotiation critical mode value |
| 607 |
25F | CHAR(1) | New extended renegotiation critical mode value |
| 608 |
260 | CHAR(128) | Current Server Name Indication (SNI) value |
| 736 |
2E0 | CHAR(128) | New Server Name Indication (SNI) value |
Field Descriptions
Application ID.The ID of the application.
Current client authentication required value. The current value for the client authentication required indicator. The possible values follow:
| 0 | Client authentication is not required. |
| 1 | Client authentication is required. |
Current client authentication supported value. The current value for the client authentication supported indicator. The possible values follow:
| 0 | Client authentication is not supported by this application. |
| 1 | Client authentication is supported by this application. |
Current extended renegotiation critical mode value. The current value for the extended renegotiation critical mode indicator.
The possible values follow:
| 0 | Use the runtime value that was set by the underlying application and its configuration, do not override. |
| 1 | RFC 5746 critical mode enabled. |
| 2 | RFC 5746 critical mode disabled. |
Current limit CA certificates trusted value. The current value for the limit Certificate Authority (CA) certificates trusted indicator. The possible values follow:
| 0 | Application trusts all CA certificates that are trusted in the *SYSTEM certificate store. If the current limit CA certificates trusted value is 1, then any CA certificates that are in the list of trusted CA certificates for the application will be removed. |
| 1 | Application trusts a subset of the CA
certificates that are trusted in the *SYSTEM certificate store. If the current
limit CA certificates trusted value is 0, then the application will trust
all of the CA certificates that are trusted in the *SYSTEM certificate store
until they are added to the list of trusted CA certificates for the application
using Digital Certificate Manager (DCM). |
Current Online Certificate Status Protocol (OCSP) URL value. The current value for the OCSP URL. This value will be padded with hexadecimal zeros.
The possible values follow:
| *PGM | Use the runtime value that was set by the underlying application and its configuration, do not override. |
| *DISABLE | Do not use the runtime URL value that may have been set by the underlying application. No URL value will be used. |
| url-value | The URL to use. |
Current perform certificate revocation processing value. The current value for the perform certificate revocation processing indicator.
The possible values follow:
| 0 | Certificate revocation processing is not performed when the certificate associated with the application is validated. |
| 1 | Certificate revocation processing is performed when the certificate associated with the application is validated. Certificate revocation processing will only be performed when there is a CRL Location Name associated with the CA in *SYSTEM that signed the certificate chain being validated. |
Current perform Online Certificate Status Protocol (OCSP) checking value. The current value for the perform OCSP checking indicator.
The possible values follow:
| 0 | Use the runtime value that was set by the underlying application and its configuration, do not override. |
| 1 | OCSP certificate revocation checking using Authority Information Access (AIA) certificate extension information is enabled. |
| 2 | OCSP certificate revocation checking using Authority Information Access (AIA) certificate extension information is disabled. |
Current secure sockets layer (SSL) cipher specifications list values. The current values for the SSL cipher specifications list. Unused array elements will contain hexadecimal zeros.
The possible values follow:
| 00 | Use the runtime value that was set by the underlying application and its configuration, do not override. |
| 9C | RSA_AES_128_GCM_SHA256. Use the Rivest Shamir Adleman (RSA) public key algorithm with the Advanced Encryption Standard (AES) cipher with Galois/Counter Mode (GCM) and 128 bit keys. Use the Secure Hash Algorithm 256 (SHA256) for generating the message authentication code (MAC). |
| 9D | RSA_AES_256_GCM_SHA384. Use the RSA public key algorithm with the AES cipher with GCM and 256 bit keys. Use the Secure Hash Algorithm 384 (SHA384) for generating the MAC. |
| Y1 | ECDHE_ECDSA_NULL_SHA. Use the Elliptic Curve Diffie-Hellman Ephemeral (ECDHE) key exchange algorithm with the Elliptic Curve Digital Signature Algorithm (ECDSA) signature algorithm but do not use any cipher. Use the Secure Hash Algorithm 1 (SHA-1) for generating the MAC. |
| Y2 | ECDHE_ECDSA_RC4_128_SHA. Use the ECDHE key exchange algorithm with the ECDSA signature algorithm with the Rivest Cipher 4 (RC4) cipher and 128 bit keys. Use SHA-1 for generating the MAC. |
| Y3 | ECDHE_ECDSA_3DES_EDE_CBC_SHA. Use the ECDHE key exchange algorithm with the ECDSA signature algorithm with the Triple Data Encryption Standard (3DES) cipher with the encrypt/decrypt/encrypt (EDE) and cipher block chaining (CBC) modes and 168 bit keys. Use SHA-1 for generating the MAC. |
| Y4 | ECDHE_RSA_NULL_SHA. Use the ECDHE key exchange algorithm with the RSA public key algorithm but do not use any cipher. Use SHA-1 for generating the MAC. |
| Y5 | ECDHE_RSA_RC4_128_SHA. Use the ECDHE key exchange algorithm with the RSA public key algorithm with the RC4 cipher and 128 bit keys. Use SHA-1 for generating the MAC. |
| Y6 | ECDHE_RSA_3DES_EDE_CBC_SHA. Use the ECDHE key exchange algorithm with the RSA public key algorithm with the 3DES cipher with the EDE and CBC modes and 168 bit keys. Use SHA-1 for generating the MAC. |
| Y7 | ECDHE_ECDSA_AES_128_CBC_SHA256. Use the ECDHE key exchange algorithm with the ECDSA signature algorithm with the AES cipher with CBC and 128 bit keys. Use SHA256 for generating the MAC. |
| Y8 | ECDHE_ECDSA_AES_256_CBC_SHA384. Use the ECDHE key exchange algorithm with the ECDSA signature algorithm with the AES cipher with CBC and 256 bit keys. Use SHA384 for generating the MAC. |
| Y9 | ECDHE_RSA_AES_128_CBC_SHA256. Use the ECDHE key exchange algorithm with the RSA public key algorithm with the AES cipher with CBC and 128 bit keys. Use SHA256 for generating the MAC. |
| YA | ECDHE_RSA_AES_256_CBC_SHA384. Use the ECDHE key exchange algorithm with the RSA public key algorithm with the AES cipher with CBC and 256 bit keys. Use SHA384 for generating the MAC. |
| YB | ECDHE_ECDSA_AES_128_GCM_SHA256. Use the ECDHE key exchange algorithm with the ECDSA signature algorithm with the AES cipher with GCM and 128 bit keys. Use SHA256 for generating the MAC. |
| YC | ECDHE_ECDSA_AES_256_GCM_SHA384. Use the ECDHE key exchange algorithm with the ECDSA signature algorithm with the AES cipher with GCM and 256 bit keys. Use SHA384 for generating the MAC. |
| YD | ECDHE_RSA_AES_128_GCM_SHA256. Use the ECDHE key exchange algorithm with the RSA public key algorithm with the AES cipher with GCM and 128 bit keys. Use SHA256 for generating the MAC. |
| YE | ECDHE_RSA_AES_256_GCM_SHA384. Use the ECDHE key exchange algorithm with the RSA public key algorithm with the AES cipher with GCM and 256 bit keys. Use SHA384 for generating the MAC. |
| 3C | RSA_AES_128_CBC_SHA256. Use the RSA public key algorithm with the AES cipher with CBC and 128 bit keys. Use SHA256 for generating the MAC. |
| 2F | RSA_AES_128_CBC_SHA. Use the RSA public key algorithm with the AES cipher with CBC and 128 bit keys. Use SHA-1 for generating the MAC. |
| 3D | RSA_AES_256_CBC_SHA256. Use the RSA public key algorithm with the AES cipher with CBC and 256 bit keys. Use SHA256 for generating the MAC. |
| 35 | RSA_AES_256_CBC_SHA. Use the RSA public key algorithm with the AES cipher with CBC and 256 bit keys. Use SHA-1 for generating the MAC. |
| 05 | RSA_RC4_128_SHA. Use the RSA public key algorithm with the RC4 cipher and 128 bit keys. Use SHA-1 for generating the MAC. |
| 0A | RSA_3DES_EDE_CBC_SHA. Use the RSA public key algorithm with the 3DES cipher with the EDE and CBC modes and 168 bit keys. Use SHA-1 for generating the MAC. |
| 04 | RSA_RC4_128_MD5. Use the RSA public key algorithm with the RC4 cipher and 128 bit keys. Use message digest algorithm 5 (MD5) for generating the MAC. |
| 09 | RSA_DES_CBC_SHA. Use the RSA public key algorithm with the Data Encryption Standard (DES) cipher with CBC mode and 56 bit keys. Use SHA-1 for generating the MAC. |
| 03 | RSA_EXPORT_RC4_40_MD5. Use the RSA public key algorithm with the RC4 cipher and 40 bit keys. Use MD5 for generating the MAC. |
| 06 | RSA_EXPORT_RC2_CBC_40_MD5. Use the RSA public key algorithm with the Rivest Cipher 2 (RC2) cipher with CBC mode and 40 bit keys. Use MD5 for generating the MAC. |
| 3B | RSA_NULL_SHA256. Use the RSA public key algorithm but do not use any cipher. Use SHA256 for generating the MAC. |
| 02 | RSA_NULL_SHA. Use the RSA public key algorithm but do not use any cipher. Use SHA-1 for generating the MAC. |
| 01 | RSA_NULL_MD5. Use the RSA public key algorithm but do not use any cipher. Use MD5 for generating the MAC. |
| X3 | RSA_RC2_CBC_128_MD5. Use the RSA public key algorithm with the RC2 cipher with CBC mode and 128 bit keys. Use MD5 for generating the MAC. Note: This cipher is only valid for use with SSLv2. |
| X7 | RSA_3DES_EDE_CBC_MD5. Use the RSA public key algorithm with the 3DES cipher with the EDE and CBC modes and 168 bit keys. Use MD5 for generating the MAC. Note: This cipher is only valid for use with SSLv2. |
| X6 | RSA_DES_CBC_MD5. Use the RSA public key algorithm with the DES cipher with the CBC mode and 56 bit keys. Use MD5 for the MAC. Note: This cipher is only valid for use with SSLv2. |
Current secure sockets layer (SSL) protocol values. The current values for the secure sockets layer (SSL) protocols. Unused array elements will contain hexadecimal zeros.
The possible values follow:
| 0 | Use the runtime value that was set by the underlying application and its configuration, do not override. |
| 1 | SSLV2. Secure Sockets Layer version 2.0 will be supported. |
| 2 | SSLV3. Secure Sockets Layer version 3.0 will be supported. |
| 3 | TLSV1.0. Transport Layer Security version 1.0 will be supported. |
| 4 | TLSV1.1. Transport Layer Security version 1.1 will be supported. |
| 5 | TLSV1.2. Transport Layer Security version 1.2 will be supported. |
Current secure sockets layer (SSL) signature algorithm values. The current values for secure sockets layer (SSL) signature algorithms. Unused array elements will contain hexadecimal zeros.
The possible values follow:
| 0 | Use the runtime value that was set by the underlying application and its configuration, do not override. |
| 1 | RSA with MD5 |
| 2 | RSA with SHA1 |
| 3 | RSA with SHA224 |
| 4 | RSA with SHA256 |
| 5 | RSA with SHA384 |
| 6 | RSA with SHA512 |
| 7 | ECDSA with SHA1 |
| 8 | ECDSA with SHA224 |
| 9 | ECDSA with SHA256 |
| A | ECDSA with SHA384 |
| B | ECDSA with SHA512 |
Current Server Name Indication (SNI) value. The current value for the server name indication. This value will be padded with hexadecimal zeros.
Exit point format name. The format name for the Register Application for Certificate Use exit program. The possible format name is:
| RGAP0100 | The format name that is used after application information is changed. |
Exit point name. The name of the exit point that calls the exit program.
New client authentication required value. The new value for
the client authentication required indicator. For the possible values refer to the Current client authentication required field description.
New client authentication supported value. The new value
for the client authentication supported indicator. For the possible values refer to the Current client authentication supported value field description.
New extended renegotiation critical mode value. The new value for the extended renegotiation critical mode indicator.
For the possible values refer to the Current extended renegotiation critial mode value field description.
New limit CA certificates trusted value. The new value for
the limit Certificate Authority (CA) certificates trusted indicator. For the possible values refer to the Current limit CA certificates trusted value field description.
Note: The Update Certificate Authority (CA) Trust exit
program will not be called for the CA certificates that are removed from the
list of trusted CA certificates for the application because of a change to this
value.
New Online Certificate Status Protocol (OCSP) URL value. The new value for the OCSP URL. This value will be padded with hexadecimal zeros. For the possible values refer to the Current Online Certificate Status Protocol (OCSP) URL value field description.
New perform certificate revocation processing value. The new value for the perform certificate revocation processing indicator. For the possible values refer to the Current perform certificate revocation processing value field description.
New perform Online Certificate Status Protocol (OCSP) checking value. The new value for the perform OCSP checking indicator.
For the possible values refer to the Current perform Online Certificate Status Protocol (OCSP) checking value field description.
New secure sockets layer (SSL) cipher specifications list values. The new values for the SSL cipher specifications list. Unused array elements will contain hexadecimal zeros.
For the possible values refer to the Current secure sockets layer (SSL) cipher specifications list values field description.
New secure sockets layer (SSL) protocol values. The new values for the secure sockets layer (SSL) protocols. Unused array elements will contain hexadecimal zeros.
For the possible values refer to the Current secure sockets layer (SSL) protocol values field description.
New secure sockets layer (SSL) signature algorithm values. The new values for secure sockets layer (SSL) signature algorithms. Unused array elements will contain hexadecimal zeros.
For the possible values refer to the Current secure sockets layer (SSL) signature algorithm values field description.
New Server Name Indication (SNI) value. The new value for the server name indication. This value will be padded with hexadecimal zeros.
Exit program introduced: V5R1
[ Back to top | Security APIs | APIs by category ]