eTrust CA-Top Secret Security for z/OS and OS ... - SupportConnect


supportconnectw.ca.com
12.07.2015

Certificate Name Filtering Support

Valid prefixes for SDNFILTR and IDNFILTR are:

Values                 Specified as
COUNTRY                C=
STATE/PROVINCE         ST=
LOCALITY               L=
ORGANIZATION           O=
ORGANIZATIONAL UNIT    OU=
TITLE                  T=
COMMON NAME            CN=
DOMAIN COMPONENT       DC=
POSTAL CODE            PC=
EMAIL                  E=
STREET NAME            STREET=
USERID                 UID=

IDNFILTR—Specifies the significant portion of the issuer’s distinguished name that is to be used as a filter when associating an acid with a certificate. The value specified for IDNFILTR should begin with a prefix found in the list above and must be followed by an equal sign (X'7E'). Each component should be separated by a period (X'4B'). The case, blanks, and punctuation displayed when the digital certificate information is listed must be maintained in the IDNFILTR. Since digital certificates only contain characters available in the ASCII character set, the same characters should be used for the IDNFILTR value.

For example: IDNFILTR('OU=Class 1 Certificate.O=BobsCertAuth')

CRITERIA—Is specified with the MULTIID acid to identify variable data in addition to SDNFILTR and IDNFILTR. Criteria defined by eTrust CA-Top Secret are CNFAPP and SYSID. Users can also define their own variables.

LABLCMAP—Specifies the label to be associated with the certificate name filter. Up to 32 characters can be specified. It can contain embedded blanks and mixed-case characters, and is stripped of leading and trailing blanks. If a single quotation mark is intended to be part of the label-name, you must use two single quotation marks together for each single quotation mark within the string, and the entire string must then be enclosed within single quotation marks.

1–76 Cookbook

DCDSN—Specifies the name of a data set that contains a digital certificate. The SDNFILTR or IDNFILTR data must match a portion of the subject/issuer’s distinguished name extracted from the certificate. The distinguished name from the point of the match to the end of the name is used as the filter data.

TRUST/NOTRUST—When specified, it indicates whether this mapping can be used to associate a userid to a certificate presented by a user accessing the system. If neither TRUST nor NOTRUST is specified, the default is NOTRUST.

Managing Criteria Maps

When the acid is MULTIID and the CRITERIA keyword was specified on the TSS ADD CERTMAP command, criteria data must be defined in CRITMAP records to identify the acid to be associated with a certificate. The acid name on the CRITMAP record identifies the user when the filter that matched the certificate was for acid MULTIID. The TSS ADD|REM|REPL|LIST commands are used to manage criteria maps. The syntax of the ADD command follows:

    TSS ADD(userid) CRITMAP(recid)
        {SYSID(system identifier)}
        {CNFAPP(application name)}
        {CNFUVAR(site variable list)}

Userid—Name of the acid to be associated with this filter.

CRITMAP—Unique 8-byte record identifier.

SYSID—The system identifier. A maximum of 4 characters can be specified and the value can contain an asterisk (*) for masking.

CNFAPP—The application variable. A maximum of 8 characters can be specified and the value can contain an asterisk (*) for masking.

CNFUVAR—A list of application-defined variables that are defined as CRITERIA keyword data. This field can contain up to 255 uppercase characters.

Implementing eTrust CA-Top Secret in a z/OS or OS/390 Environment 1–77
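The following Python pre-check is an added example, not part of the CA documentation: it tests an SDNFILTR/IDNFILTR value against the prefix and separator rules, applies the DCDSN "point of the match to the end of the name" rule, and quotes a LABLCMAP label. The function names, the component-splitting rule, the reading of the 32-character limit, and the sample names are assumptions made for the example.

```python
import re

# Prefixes the page lists as valid for SDNFILTR and IDNFILTR (case is significant).
PREFIXES = {"C", "ST", "L", "O", "OU", "T", "CN", "DC", "PC", "E", "STREET", "UID"}
# Assumed splitting rule: a period starts a new component only when the text up to
# the next "=" contains no further period, so "E=bob@example.com" stays whole.
_BOUNDARY = re.compile(r"\.(?=[^.=]*=)")


def check_filter(value):
    """Return a list of problems in an SDNFILTR/IDNFILTR value (empty if none)."""
    problems = []
    if not value.isascii():
        problems.append("filter contains non-ASCII characters")
    for comp in _BOUNDARY.split(value):
        prefix, sep, rest = comp.partition("=")
        if not sep or prefix not in PREFIXES:
            problems.append("component %r does not begin with a listed prefix" % comp)
        elif not rest:
            problems.append("component %r has no value" % comp)
    return problems


def filter_data(dn, match):
    """DCDSN rule: the DN from the point of the match to its end is the filter data."""
    pos = dn.find(match)  # exact comparison: case, blanks and punctuation must agree
    if pos < 0:
        raise ValueError("filter does not match any portion of the distinguished name")
    return dn[pos:]


def quote_label(label):
    """Quote a LABLCMAP value: strip outer blanks, double embedded single quotes."""
    label = label.strip(" ")
    if len(label) > 32:  # assumption: the limit applies before quotes are doubled
        raise ValueError("label is longer than 32 characters")
    return "'" + label.replace("'", "''") + "'"


if __name__ == "__main__":
    dn = "CN=Bob Example.OU=Class 1 Certificate.O=BobsCertAuth"  # constructed sample
    print(filter_data(dn, "OU=Class 1"))
    print(check_filter("OU=Class 1 Certificate.0=BobsCertAuth"))  # digit 0, not letter O
    print(quote_label("  Bob's issuer filter "))
```

A filter that names an unlisted prefix or differs in case from the listed certificate is worth catching before the mapping is added, since a filter that does not match what was intended changes which acid a certificate is associated with.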
