Update Certificate Authority (CA) Trust Exit Program
Required Parameter Group:
| 1 | Update Certificate Authority (CA) trust exit information |
Input | Char(*) |
QSYSINC Member Name: ESYUPDCA
Exit Point Name: QIBM_QSY_CERT_APPS
Exit Point Format Name: CATR0100
The Update Certificate Authority (CA) Trust exit program is called when a CA certificate is added to or removed from the list of trusted CA certificates for an application using Digital Certificate Manager (DCM).
When the trust status of a CA certificate for an application is changed, the user-written exit program associated with the registered application is called. The exit point supports an unlimited number of applications, but only one exit program for each application. (For information about registering an application that uses certificates, see Register Application for Certificate Use (QSYRGAP, QsyRegisterAppForCertUse) API.)
Note: The Update Certificate Authority (CA) Trust exit program is not be called if the Limit CA certificates trusted indicator for the application is set to 0 (the application trusts all CA certificates that are trusted in the *SYSTEM certificate store) and the trust status for one of the CA certificates in the *SYSTEM certificate store is changed.
Note: The Update Certificate Authority (CA) Trust exit program ignores any return codes or error messages that are sent from the exit program.
Authorities and Locks
- Authority to Exit Program Library
- *EXECUTE
- Authority to Exit Program
- *USE
Required Parameter
- Update Certificate Authority (CA) trust exit information
- INPUT; CHAR(*)
Information needed by the exit program for notification of any CA certificate trust changes for the application. For details, see Format of Update Certificate Authority (CA) Trust Exit Information.
Format of Update Certificate Authority (CA) Trust Exit Information
The following table shows the structure of the update CA trust information for format CATR0100. For a description of the fields in this format, see Field Descriptions.
| Offset | Type | Field | |
|---|---|---|---|
| Dec | Hex | ||
| 0 | 0 | CHAR(20) | Exit point name |
| 20 | 14 | CHAR(8) | Exit point format name |
| 28 | 1C | CHAR(100) | Application ID |
| 128 | 80 | CHAR(1) | Action |
| 129 | 81 | CHAR(1) | Trusted CA certificate ID type |
| 130 | 82 | CHAR(2) | Reserved |
| 132 | 84 | BINARY(4) | Offset to trusted CA certificate ID |
| 136 | 88 | BINARY(4) | Length of trusted CA certificate ID |
| CHAR(*) | Trusted CA certificate ID | ||
Field Descriptions
Action.The action being performed on the trusted CA certificate. The possible values follow:
| 0 | The trusted CA certificate is being added to the list of trusted CA certificates for the application. |
| 1 | The trusted CA certificate is being removed from the list of trusted CA certificates for the application. |
Application ID. The ID of the application.
Trusted CA certificate ID. The ID for the trusted CA certificate being added or removed.
Trusted CA certificate ID type. The type of the trusted CA certificate ID. The possible value follows:
| 1 | The trusted CA certificate ID is the label for the certificate. |
Exit point format name. The format name for the Update Certificate Authority (CA) trust exit program. The possible format name is:
| CATR0100 | The format name that is used after a CA certificate is added or removed from the trust list for an application. |
Exit point name. The name of the exit point that calls the exit program.
Length of trusted CA certificate ID. The length of the trusted CA certificate ID.
Offset to trusted CA certificate ID. The offset to the start of the trusted CA certificate ID.
Reserved. An ignored field.
Exit program introduced: V5R1
[ Back to top | Security APIs | APIs by category ]