ibm-information-center/dist/eclipse/plugins/i5OS.ic.apis_5.4.0.1/secex1.htm

103 lines
6.6 KiB
HTML
Raw Normal View History

2024-04-02 14:02:31 +00:00
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Copyright" content="Copyright (c) 2006 by IBM Corporation">
<title>Digital Certificate Management APIs</title>
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<!-- Begin Header Records ========================================= -->
<!-- Sec SCRIPT A converted by B2H R4.1 (346) (CMS) by V2KEA304 -->
<!-- at RCHVMW2 on 17 Feb 1999 at 11:05:09 -->
<!-- 030509 JETAYLOR replaced API and Exit listings with -->
<!-- pagegenerator output from javascript array -->
<!-- 031111 JETAYLOR replaced API and/or Exit listings with -->
<!-- pagegenerator output from javascript array -->
<!-- End Header Records -->
<link rel="stylesheet" type="text/css" href="../rzahg/ic.css">
</head>
<body>
<a name="Top_Of_Page"></a>
<!-- Java sync-link -->
<script type="text/javascript" language="Javascript" src="../rzahg/synch.js">
</script>
<h2>Digital Certificate Management APIs</h2>
<p>The digital certificate management APIs enable X.509 type certificates to be
associated with a user profile.The APIs add, remove, list, and find certificates that are associated with
user profiles.</p>
<p>This section also includes APIs for registering applications that use
certificates. Applications that need to use certificates will make themselves
known by registering themselves. As part of that registration, applications
will identify an exit program that is to be called:</p>
<ul>
<li>whenever a certificate is assigned to the application or if the certificate
assignment changes.</li>
<li>whenever a Certificate Authority (CA) is added to or removed from the trust
list for the application.</li>
<li>whenever the information about the application is being changed.</li>
<li>whenever the application is being deregistered.</li>
</ul>
<p>The application is, therefore, not responsible for providing a user interface
for certificate management. When the application starts, it can retrieve the
name and location of the certificate assigned to the application and use it for
initiating a Secure Sockets Layer (SSL) session or some other operation that
requires a certificate. </p>
<p>The digital certificate management APIs are:</p>
<!-- ***** NOTE ***** Do not manually update text or links in this section. -->
<!-- Updates made in this section *will* be overlaid by automated tools -->
<!-- Notify User Technologies of needed updates to be made in XML for API finder.-->
<!--***************API BEGIN PASTE***************-->
<ul>
<li><A HREF="QSYADDUC.htm">Add User Certificate</A> (QSYADDUC, QsyAddUserCertificate) associates a certificate with an i5/OS user profile.</li>
<li><A HREF="qsyaddvc.htm">Add Validation List Certificate</A> (QSYADDVC,QsyAddVldlCertificate) adds a certificate to a validation list.</li>
<li><A HREF="QSYCHKVC.htm">Check Validation List Certificate</A> (QSYCHKVC, QsyCheckVldlCertificate) determines whether a certificate is in a validation list.</li>
<li><A HREF="QSYDRGAP.htm">Deregister Application for Certificate Use</A> (QSYDRGAP, QsyDeregisterAppForCertUse) removes an application and all associated certificate information from the registration facility.</li>
<li><A HREF="qykmexpk.htm">Export Certificate Store</A> (QYKMEXPK, QykmExportKeyStore)) exports a certificate store to a PKCS 12 version 3 standard file.</li>
<li><A HREF="QSYFNDCU.htm">Find Certificate User</A> (QSYFNDCU, QsyFindCertificateUser) finds the user that is associated with a certificate.</li>
<li><A HREF="qycugsuc.htm">Generate and Sign User Certificate Request</A> (QYCUGSUC) generates a user certificate request and then signs the certificate request using the local Certificate Authority (CA).</li>
<li><img src="delta.gif" alt="Start of change" border="0"><A HREF="qykmgdki.htm">Get Default Key Item</A> (QYKMGDKI, QykmGetDefaultKeyItem) Allows you to retrieve the label of the default certificate in a certificate store.&nbsp;<img src="deltaend.gif" ALT="End of change" border="0"></li>
<li><A HREF="qykmimpk.htm">Import Certificate Store</A> (QYKMIMPK, QykmImportKeyStore)) imports a certificate store from a PKCS 12 version 3 standard file.</li>
<li><A HREF="qsylstuc.htm">List User Certificates</A> (QSYLSTUC, QsyListUserCertificates) lists the certificates in the user profile.</li>
<li><A HREF="qsylstvc.htm">List Validation List Certificates</A> (QSYLSTVC, QsyListVldlCertificates) lists the certificates in the validation list.</li>
<li><A HREF="qsyoluc.htm">Open List of User Certificates</A> (QSYOLUC) provides a list of user certificates associated with a user.</li>
<li><A HREF="QSYPARSC.htm">Parse Certificate</A> (QSYPARSC, QsyParseCertificate) parses a certificate and puts the results in the caller's storage.</li>
<li><A HREF="qsyrgap.htm">Register Application for Certificate Use</A> (QSYRGAP, QsyRegisterAppForCertUse) registers an application with the registration facility.</li>
<li><A HREF="QSYRMVUC.htm">Remove User Certificate</A> (QSYRMVUC, QsyRemoveUserCertificate) removes a certificate from an i5/OS user profile.</li>
<li><A HREF="QSYRMVVC.htm">Remove Validation List Certificate</A> (QSYRMVVC, QsyRemoveVldlCertificate) removes a certificate from a validation list.</li>
<li><A HREF="qsyretrievedigitalidconfig.htm">Retrieve Digital ID Configuration Information</A> (QsyRetrieveDigitalIDConfig()) retrieves digital ID configuration information.</li>
<li><A HREF="qsysetdigitalidconfig.htm">Set Digital ID Configuration Information</A> (QsySetDigitalIDConfig()) sets digital ID configuration information.</li>
<li><A HREF="qycusuc.htm">Sign User Certificate Request</A> (QYCUSUC) signs a user certificate request using the local Certificate Authority (CA).</li>
</ul>
<!--***************API END PASTE***************-->
<br>
<p><strong>Note:</strong> All of these APIs, except Register and Deregister Application for Certificate Use,
require that Digital Certificate Manager (DCM), option 34 of i5/OS<SUP>(TM)</SUP> (5722-SS1) be installed.</p>
<hr>
<center>
<table cellpadding="2" cellspacing="2">
<tr align="center">
<td valign="middle" align="center">
<a href="#Top_Of_Page">Top</a> |
<a href="sec.htm">Security APIs</a> |
<a href="aplist.htm">APIs by category</a></td>
</tr>
</table>
</center>
</body>
</html>