z/OS Security Server RACF General User's Guide
Previous topic | Next topic | Contents | Contact z/OS | Library | PDF


Listing your digital certificate information

z/OS Security Server RACF General User's Guide
SA23-2298-00

You might be able to list the digital certificates and key rings associated with your user ID, as shown in the following examples.

User NETB0Y requests the listing of his Savings Account digital certificate to ensure it has been defined, and that it is marked trusted. He has READ authority to the FACILITY class profile IRR.DIGTCERT.LIST. He issues the RACDCERT command with the LIST operand, specifying the label to identify his certificate: 
RACDCERT LIST(LABEL('Savings Account'))
and receives the following output:
Figure 1. Example: listing your digital certificate information
Digital certificate information for user NETB0Y:

 Label: Savings Account
 Status: TRUST
 Serial Number:
  >5D666C20207A6638727A413872D8413B<
 Issuer's Name:
  >OU=BobsBank Savers.O=BobsBank.L=Internet<
 Subject's Name:
  >CN=S.S.Smith.OU=Digital ID Class 1 - NetScape.OU=BobsBank Class 1 - S<
  >avingsAcct.O=BobsBank.L=Internet<
User GEORGEM requests a listing of his key rings. He has three key rings with certificates and one key ring that has no certificates. He has READ authority to the FACILITY class profile IRR.DIGTCERT.LIST. He issues the RACDCERT command with the LISTRING operand, specifying * to list all of his key rings: 
RACDCERT LISTRING(*)
and receives the following output:
Figure 2. Listing your digital key ring information
Digital ring information for user GEORGEM:

   Ring:
        >GEORGEMsNewRing01<
   Certificate Label Name             Cert Owner     USAGE      DEFAULT
   --------------------------------   ------------   --------   -------
   New Cert Type - Ser # 00           ID(GEORGEM)    PERSONAL     YES
   New Type Cert - VsignC1            ID(GEORGEM)    CERTAUTH     NO
   New Type Cert - VsignC2            ID(GEORGEM)    SITE         NO
   65                                 ID(JOHNP)      PERSONAL     NO

   Ring:
        >GEORGEMsRing<
   Certificate Label Name             Cert Owner     USAGE      DEFAULT
   --------------------------------   ------------   --------   -------
   GEORGEM's Cert # 48                ID(GEORGEM)    PERSONAL     NO
   GEORGEM's Cert # 84                ID(GEORGEM)    PERSONAL     NO
   New Cert Type - Ser # 00           ID(GEORGEM)    PERSONAL     YES

   Ring:
        >GEORGEMsRing#2<
   Certificate Label Name             Cert Owner     USAGE      DEFAULT
   --------------------------------   ------------   --------   -------
   GEORGEM's Cert # 84                ID(GEORGEM)    PERSONAL     NO
   GEORGEM's Cert # 48                ID(GEORGEM)    PERSONAL     NO

   Ring:
        >GEORGEMsRing#3<
   *** No certificates connected ***

If you are unable to issue the RACDCERT command, check with your RACF® security administrator to get authorization.

Parent topic: How am I defined to RACF?

Go to the previous page Go to the next page

Notices | Terms of use | Support | Contact z/OS | zFavorites



Copyright IBM Corporation 1990, 2014