z/OS Cryptographic Services System SSL Programming
Previous topic | Next topic | Contents | Contact z/OS | Library | PDF


gsk_export_certificate()

z/OS Cryptographic Services System SSL Programming
SC14-7495-00

Exports a certificate.

Format

   #include <gskcms.h>

   gsk_status gsk_export_certificate (   
                                       gsk_handle                  db_handle, 
                                       const char *                label, 
                                       gskdb_export_format         format,  
                                       gsk_buffer *                stream)

Parameters

db_handle
Specifies the database handle returned by the gsk_create_database() routine, the gsk_open_database() routine, or the gsk_open_keyring() routine. The database must be a key database and not a request database.
label
Specifies the label for the database record. The label is specified in the local code page.
format
Specifies the export format. These values may be specified:
gskdb_export_der_binary
Binary ASN.1 DER-encoded
gskdb_export_der_base64
Base64 ASN.1 DER-encoded
gskdb_export_pkcs7_binary
Binary PKCS #7 Cryptographic Message Syntax
gskdb_export_pkcs7_base64
Base64 PKCS #7 Cryptographic Message Syntax
stream
Return the byte stream for the encoded certificate. The application should call the gsk_free_buffer() routine to release the storage when it is no longer needed.

Results

The function return value will be 0 if no error is detected. Otherwise, it will be one of the return codes listed in the gskcms.h include file. These are some possible errors:
[CMSERR_BAD_HANDLE]
The database handle is not valid.
[CMSERR_BAD_LABEL]
No database record label is supplied.
[CMSERR_FMT_NOT_SUPPORTED]
An unsupported export file format is specified.
[CMSERR_INCORRECT_DBTYPE]
The database type does not support certificates.
[CMSERR_NO_MEMORY]
Insufficient storage is available.
[CMSERR_RECORD_NOT_FOUND]
The requested record is not found.

Usage

The gsk_export_certificate() routine exports an X.509 certificate. The certificate can be exported using either the ASN.1 DER encoding for the certificate or the Cryptographic Message Syntax (PKCS #7) encoding for the certificate. This can be either the binary value or the Base64 encoding of the binary value. A Base64 encoded stream will be in the local code page and will include the encoding header and footer lines.

The export file will contain just the requested certificate when the DER format is selected. The export file will contain the requested certificate and its certification chain when the PKCS #7 format is selected. A partial certification chain will be exported if the complete chain is not in the database.

Parent topic: Certificate Management Services (CMS) API reference

Go to the previous page Go to the next page

Notices | Terms of use | Support | Contact z/OS | zFavorites



Copyright IBM Corporation 1990, 2014