z/OS Security Server RACF Security Administrator's Guide


Examples of listing digital certificate chain information

SA23-2289-00

Use the LISTCHAIN keyword on the RACDCERT command to display information about a certificate owned by a user ID, SITE, or CERTAUTH, and its issuers’ certificates owned by CERTAUTH in a chain of certificates.

  1. User WEBADM has CONTROL authority to the FACILITY class resource IRR.DIGTCERT.LIST. She issues the RACDCERT command shown to see information about a certificate and the issuers’ certificates that are owned by CERTAUTH in a chain of certificates.
    RACDCERT ID(CHOI) LISTCHAIN(LABEL('samplecert'))
    
    Certificate 1:
    Digital certificate information for user CHOI:
    
       Label: samplecert
       Certificate ID: 2QbmxsPI1smJl4OFmaPy
       Status: TRUST
       Start Date: 2011/10/20 00:00:00
       End Date:   2012/10/20 23:59:59
       Serial Number:
            >05<
       Issuer's Name:
            >CN=sampleCA.O=Test.SP=Poughkeepsie.C=US<
       Subject's Name:
            >CN=samplecert.O=Test.SP=Poughkeepsie.C=US<
       Subject's AltNames:
            IP: 127.0.0.5
            EMail: choi at us.ibm.com
            Domain: www.ibm.com
       Signing Algorithm: sha1RSA
       Key Usage: HANDSHAKE
       Key Type: RSA
       Key Size: 1024
       Private Key: Yes
       PKDS Label: SAMPLECERT
       Ring Associations:
            Ring Owner: CHOI
            Ring:
                >testring<
    
    Certificate 2:
    Digital certificate information for CERTAUTH:
    
       Label: sampleCA
       Certificate ID: 2PabcsPI1smJl4OFmaPx
       Status: TRUST
       Start Date: 2010/03/22 00:00:00
       End Date:   2020/10/22 23:59:59
       Serial Number:
            >02<
       Issuer's Name:
            >CN=MasterCA.O=Test.SP=Poughkeepsie.C=US<
       Subject's Name:
            >CN=sampleCA.O=Test.SP=Poughkeepsie.C=US<
       Signing Algorithm: sha256RSA
       Key Usage: CERTSIGN
       Key Type: RSA
       Key Size: 2048
       Private Key: Yes
       PKDS Label: SAMPLECA
       Ring Associations:
         Ring Owner: CHOI
         Ring:
             >testring<
    
    Certificate 3:
    Digital certificate information for CERTAUTH:
    
       Label: MasterCA
       Certificate ID: 2KbmxsPI1smJl4OFmaPm
       Status: TRUST
       Start Date: 2008/04/20 00:00:00
       End Date:   2038/04/20 23:59:59
       Serial Number:
            >00<
       Issuer's Name:
            >CN=MasterCA.O=Test.SP=Poughkeepsie.C=US<
       Subject's Name:
            >CN=MasterCA.O=Test.SP=Poughkeepsie.C=US<
       Signing Algorithm: sha256RSA
       Key Usage: CERTSIGN
       Key Type: RSA
       Key Size: 4096
       Private Key: Yes
       PKDS Label: MASTERCA
       Ring Associations:
         Ring Owner: CHOI
         Ring:
             >testring<
    
    Chain information:
       Chain contains 3 certificate(s), chain is complete
       Chain contains ring in common: CHOI/testring
  2. User WEBADM has CONTROL authority to the FACILITY class resource IRR.DIGTCERT.LIST. She issues the RACDCERT command shown to see information about a certificate and the issuers’ certificates that are owned by CERTAUTH in a chain of certificates. One certificate is expired, and one certificate is a NOTRUST certificate.
    RACDCERT ID(CHOI) LISTCHAIN(LABEL('samplecert'))
    
    Certificate 1:
    Digital certificate information for user CHOI:
    
       Label: samplecert
       Certificate ID: 2QbmxsPI1smJl4OFmaPy
       Status: TRUST
       Start Date: 2010/10/20 00:00:00
       End Date:   2011/10/20 23:59:59
       Serial Number:
            >05<
       Issuer's Name:
            >CN=sampleCA.O=Test.SP=Poughkeepsie.C=US<
       Subject's Name:
            >CN=samplecert.O=Test.SP=Poughkeepsie.C=US<
       Subject's AltNames:
         IP: 127.0.0.5
         EMail: choi at us.ibm.com
         Domain: www.ibm.com
       Signing Algorithm: sha1RSA
       Key Usage: HANDSHAKE
       Key Type: RSA
       Key Size: 1024
       Private Key: Yes
       PKDS Label: SAMPLECERT
       Ring Associations:
         Ring Owner: CHOI
         Ring:
             >testring<
    
    Certificate 2:
    Digital certificate information for CERTAUTH:
    
       Label: sampleCA
       Certificate ID: 2PabcsPI1smJl4OFmaPx
       Status: NOTRUST
       Start Date: 2010/03/22 00:00:00
       End Date:   2020/10/22 23:59:59
       Serial Number:
            >02<
       Issuer's Name:
            >CN=MasterCA.O=Test.SP=Poughkeepsie.C=US<
       Subject's Name:
            >CN=sampleCA.O=Test.SP=Poughkeepsie.C=US<
       Signing Algorithm: sha256RSA
       Key Usage: CERTSIGN
       Key Type: RSA
       Key Size: 2048
       Private Key: Yes
       PKDS Label: SAMPLECA
       Ring Associations:
         Ring Owner: CHOI
         Ring:
            >testring<
    
    Certificate 3:
    Digital certificate information for CERTAUTH:
    
       Label: MasterCA
       Certificate ID: 2KbmxsPI1smJl4OFmaPm
       Status: TRUST
       Start Date: 2008/04/20 00:00:00
       End Date:   2038/04/20 23:59:59
       Serial Number:
            >00<
       Issuer's Name:
            >CN=MasterCA.O=Test.SP=Poughkeepsie.C=US<
       Subject's Name:
            >CN=MasterCA.O=Test.SP=Poughkeepsie.C=US<
       Signing Algorithm: sha256RSA
       Key Usage: CERTSIGN
       Key Type: RSA
       Key Size: 4096
       Private Key: Yes
       PKDS Label: MASTERCA
       Ring Associations:
         Ring Owner: CHOI
         Ring:
            >testring<
    
    Chain information:
       Chain contains 3 certificate(s), chain is complete
       Chain contains ring in common: CHOI/testring
       Chain contains NOTRUST certificate(s)
       Chain contains expired certificate(s)
  3. User WEBADM has CONTROL authority to the FACILITY class resource IRR.DIGTCERT.LIST. She issues the RACDCERT command shown to see information about a certificate and the issuers’ certificates that are owned by CERTAUTH in a chain of certificates. The chain is incomplete, and there is no common ring.
    Certificate 1:
    Digital certificate information for user CHOI:
    
       Label: samplecert
       Certificate ID: 2QbmxsPI1smJl4OFmaPy
       Status: TRUST
       Start Date: 2010/10/20 00:00:00
       End Date:   2012/10/20 23:59:59
       Serial Number:
            >05<
       Issuer's Name:
            >CN=sampleCA.O=Test.SP=Poughkeepsie.C=US<
       Subject's Name:
            >CN=samplecert.O=Test.SP=Poughkeepsie.C=US<
       Subject's AltNames:
         IP: 127.0.0.5
         EMail: choi at us.ibm.com
         Domain: www.ibm.com
       Signing Algorithm: sha1RSA
       Key Usage: HANDSHAKE
       Key Type: RSA
       Key Size: 1024
       Private Key: Yes
       PKDS Label: SAMPLECERT
       Ring Associations:
         Ring Owner: CHOI
         Ring:
            >testring<
    
    Certificate 2:
    Digital certificate information for CERTAUTH:
    
       Label: sampleCA
       Certificate ID: 2PabcsPI1smJl4OFmaPx
       Status: TRUST
       Start Date: 2010/03/22 00:00:00
       End Date:   2020/10/22 23:59:59
       Serial Number:
            >02<
       Issuer's Name:
            >CN=MasterCA.O=Test.SP=Poughkeepsie.C=US<
       Subject's Name:
            >CN=sampleCA.O=Test.SP=Poughkeepsie.C=US<
       Signing Algorithm: sha256RSA
       Key Usage: CERTSIGN
       Key Type: RSA
       Key Size: 2048
       Private Key: Yes
       PKDS Label: SAMPLECA
       Ring Associations:
         Ring Owner: WAI
         Ring:
             >testring2<
    
    Chain information:
       Chain contains 2 certificate(s), chain is incomplete
       Chain contains no ring in common
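
An added example, not part of the IBM documentation: a Python parser that reads captured LISTCHAIN output and reports the conditions the three listings above illustrate (NOTRUST or expired certificates, an incomplete chain, no ring in common). The function name audit_listchain, the SHA-1 and 2048-bit RSA rules, and the trimmed sample are assumptions made for this example.

```python
import re
from datetime import datetime
# Field names and chain-summary phrases as they appear in the listings on this page.
FIELD = re.compile(r"^\s*(Label|Status|End Date|Signing Algorithm|Key Type|Key Size):\s*(.+?)\s*$")
CHAIN_FLAGS = ("chain is incomplete", "no ring in common", "NOTRUST certificate(s)", "expired certificate(s)")

def audit_listchain(text, now, min_rsa_bits=2048):
    """Findings for one captured LISTCHAIN listing; SHA-1 and key-size rules are assumed policy."""
    certs, findings, in_summary = [], [], False
    for line in text.splitlines():
        if re.match(r"\s*Certificate \d+:", line):       # does not match "Certificate ID:"
            certs.append({})
        elif line.strip() == "Chain information:":
            in_summary = True
        elif in_summary:
            findings += [f"chain: {flag}" for flag in CHAIN_FLAGS if flag in line]
        elif certs and (m := FIELD.match(line)):         # "PKDS Label" is not captured as Label
            certs[-1][m.group(1)] = m.group(2)
    for c in certs:
        label = c.get("Label", "?")
        if c.get("Status") == "NOTRUST":
            findings.append(f"{label}: NOTRUST")
        if "End Date" in c and datetime.strptime(c["End Date"], "%Y/%m/%d %H:%M:%S") < now:
            findings.append(f"{label}: expired")
        if c.get("Signing Algorithm", "").lower().startswith("sha1"):
            findings.append(f"{label}: SHA-1 signature")
        if c.get("Key Type") == "RSA" and int(c.get("Key Size", min_rsa_bits)) < min_rsa_bits:
            findings.append(f"{label}: RSA key below {min_rsa_bits} bits")
    return findings
# Constructed sample: fields cut down from the listings above, not real command output.
SAMPLE = """\
Certificate 1:
   Label: samplecert
   Status: TRUST
   End Date:   2011/10/20 23:59:59
   Signing Algorithm: sha1RSA
   Key Type: RSA
   Key Size: 1024
Certificate 2:
   Label: sampleCA
   Status: NOTRUST
   End Date:   2020/10/22 23:59:59
   Signing Algorithm: sha256RSA
   Key Type: RSA
   Key Size: 2048
Chain information:
   Chain contains 2 certificate(s), chain is incomplete
   Chain contains no ring in common
"""
```

Call audit_listchain(SAMPLE, datetime(2012, 1, 1)) to get the findings for the sample; the reference time is passed in explicitly so a saved listing can be evaluated against any date.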


Copyright IBM Corporation 1990, 2014