<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Copyright" content="Copyright (c) 2006 by IBM Corporation">
<title>Generate and Sign User Certificate Request (QYCUGSUC) API</title>
<!-- Begin Header Records ========================================= -->
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<!-- Created by Barb Smith for V5R2 -->
<!-- at RCHVMW2 on 17 Feb 1999 at 11:05:09 -->
<!-- Change History: -->
<!-- YYMMDD USERID Change description -->
<!-- End Header Records -->
<link rel="stylesheet" type="text/css" href="../rzahg/ic.css">
</head>
<body>
<a name="Top_Of_Page"></a>
<!-- Java sync-link -->
<script type="text/javascript" language="Javascript" src="../rzahg/synch.js">
</script>

<h2>Generate and Sign User Certificate Request (QYCUGSUC) API</h2>

<div class="box" style="width: 80%;">
<br>
Required Parameter Group:<br>
<!-- iddvc RMBR -->
<br>
<table width="100%">

<tr>
<td align="center" valign="top" width="10%">1</td>
<td align="left" valign="top" width="50%">User name</td>
<td align="left" valign="top" width="20%">Input</td>
<td align="left" valign="top" width="20%">Char(*)</td>
</tr>

<tr>
<td align="center" valign="top">2</td>
<td align="left" valign="top">Organization</td>
<td align="left" valign="top">Input</td>
<td align="left" valign="top">Char(*)</td>
</tr>

<tr>
<td align="center" valign="top">3</td>
<td align="left" valign="top">Organization unit</td>
<td align="left" valign="top">Input</td>
<td align="left" valign="top">Char(*)</td>
</tr>

<tr>
<td align="center" valign="top">4</td>
<td align="left" valign="top">City</td>
<td align="left" valign="top">Input</td>
<td align="left" valign="top">Char(*)</td>
</tr>

<tr>
<td align="center" valign="top">5</td>
<td align="left" valign="top">State</td>
<td align="left" valign="top">Input</td>
<td align="left" valign="top">Char(*)</td>
</tr>

<tr>
<td align="center" valign="top">6</td>
<td align="left" valign="top">Country or region</td>
<td align="left" valign="top">Input</td>
<td align="left" valign="top">Char(*)</td>
</tr>

<tr>
<td align="center" valign="top">7</td>
<td align="left" valign="top">Public key</td>
<td align="left" valign="top">Input</td>
<td align="left" valign="top">Char(*)</td>
</tr>

<tr>
<td align="center" valign="top">8</td>
<td align="left" valign="top">E-mail address</td>
<td align="left" valign="top">Input</td>
<td align="left" valign="top">Char(*)</td>
</tr>

<tr>
<td align="center" valign="top">9</td>
<td align="left" valign="top">File to store signed certificate</td>
<td align="left" valign="top">Input</td>
<td align="left" valign="top">Char(*)</td>
</tr>
</table>

<br>
Returned Value:<br>
<!-- iddvc RMBR -->
<br>
<table width="100%">

<tr>
<td align="center" valign="top" width="10%">&nbsp;</td>
<td align="left" valign="top" width="50%">Return code</td>
<td align="left" valign="top" width="20%">Output</td>
<td align="left" valign="top" width="20%">Binary(4)</td>
</tr>
</table>

<br>
Default Public Authority: *USE<br>
<!-- iddvc RMBR -->
<br>
Threadsafe: No<br>
<!-- iddvc RMBR -->
<br>
</div>

<p>The Generate and Sign User Certificate Request (QYCUGSUC) API generates
a user certificate request and then signs the certificate request using the
local Certificate Authority (CA). The request to generate and sign the user
certificate request must come from a Netscape, or compatible, browser session.
The call to this program must be made using the DTW_DIRECTCALL language
environment in Net.Data.</p>

<p>Error information is returned as a return value from this program. The error
code value can be captured using the RETURNS keyword on the function definition
that uses DTW_DIRECTCALL.</p>

<br>


<h3>Authorities and Locks</h3>

<dl>
<dt><em>User Profile Authority</em></dt>

<dd>Caller of this API must have *ALLOBJ and *SECADM special authorities</dd>

<dt><em>API Public Authority</em></dt>

<dd>*USE</dd>
</dl>

<br>


<h3>Required Parameter Group</h3>

<dl>
<dt><strong>User name</strong></dt>

<dd>INPUT; CHAR(*)

<p>The name of the user for which the certificate request was made. This is a
required field.</p>
</dd>

<dt><strong>Organization</strong></dt>

<dd>INPUT; CHAR(*)

<p>The organization information for the user. This is a required field.</p>
</dd>

<dt><strong>Organization unit</strong></dt>

<dd>INPUT; CHAR(*)

<p>The organization unit information for the user. This may be a NULL
string.</p>
</dd>

<dt><strong>City</strong></dt>

<dd>INPUT; CHAR(*)

<p>The city information for the user. This may be a NULL string.</p>
</dd>

<dt><strong>State</strong></dt>

<dd>INPUT; CHAR(*)

<p>The state information for the user. This is a required field.</p>
</dd>

<dt><strong>Country or region</strong></dt>

<dd>INPUT; CHAR(*)

<p>The country or region information for the user. This is a required field.</p>
</dd>

<dt><strong>Public key</strong></dt>

<dd>INPUT; CHAR(*)

<p>The public key for the certificate request. This value is generated using
the "keygen" HTML directive. This is a required field.</p>
</dd>

<dt><strong>E-mail address</strong></dt>

<dd>INPUT; CHAR(*)

<p>The e-mail address for the user. This may be a NULL string.</p>
</dd>

<dt><strong>File to store signed certificate</strong></dt>

<dd>INPUT; CHAR(*)

<p>The absolute pathname for the file in which the signed certificate is
stored. The file will be created if it does not exist. If the file already
exists, the contents of the file will be replaced. This is a required
field.</p>

<p>This parameter is assumed to be represented in the CCSID (coded character
set identifier) currently in effect for the job. If the CCSID of the job is
65535, this parameter is assumed to be represented in the default CCSID of the
job.</p>
</dd>
</dl>

<br>


<h3>Return Codes</h3>

<table width="100%" cellpadding="5">
<tr>
<th align="center" valign="top">Message ID</th>
<th align="left" valign="top">Error Message Text</th>
</tr>

<tr>
<td align="center" valign="top" width="15%">0</td>
<td align="left" valign="top" width="85%">Certificate was successfully
signed.</td>
</tr>

<tr>
<td align="center" valign="top">-99</td>
<td align="left" valign="top">Unexpected error.</td>
</tr>

<tr>
<td align="center" valign="top">71</td>
<td align="left" valign="top">Unable to allocate storage.</td>
</tr>

<tr>
<td align="center" valign="top">93</td>
<td align="left" valign="top">The local Certificate Authority (CA) does not
exist. Use Digital Certificate Manager (DCM) to create the local CA.</td>
</tr>

<tr>
<td align="center" valign="top">95</td>
<td align="left" valign="top">The password for the Local Certificate Authority
(CA) certificate store is not stashed. Use DCM to change the password for the
Local CA certificate store.</td>
</tr>

<tr>
<td align="center" valign="top">3843</td>
<td align="left" valign="top">The state value is too short. It must be at least
3 characters.</td>
</tr>

<tr>
<td align="center" valign="top">3845</td>
<td align="left" valign="top">The caller of this API does not have *ALLOBJ and
*SECADM special authorities.</td>
</tr>

<tr>
<td align="center" valign="top">3857</td>
<td align="left" valign="top">The organization value is required.</td>
</tr>

<tr>
<td align="center" valign="top">3859</td>
<td align="left" valign="top">The country or region value is not valid. It must be 2
characters.</td>
</tr>

<tr>
<td align="center" valign="top">3956</td>
<td align="left" valign="top">The local CA does not allow creation of user
certificates. You must change the policy data for the local CA using DCM.</td>
</tr>

<tr>
<td align="center" valign="top">4003</td>
<td align="left" valign="top">Certificate to be signed is not valid.</td>
</tr>
</table>

<br>
<br>


<h3>Example</h3>
<p>See <a href="../apiref/aboutapis.htm#codedisclaimer">Code disclaimer information</a>
for information pertaining to code examples.</p>
<p>The following is an example of a function call to this program using
Net.Data.</p>

<pre>
%function(DTW_DIRECTCALL) signcert(IN CHAR(10)   userName,
                                   IN CHAR(64)   orgName,
                                   IN CHAR(64)   orgUnitName,
                                   IN CHAR(128)  city,
                                   IN CHAR(128)  state,
                                   IN CHAR(2)    countryRegion,
                                   IN CHAR(1024) publicKey,
                                   IN CHAR(128)  email,
                                   IN CHAR(128)  storeFile) RETURNS(retVal) {
    %EXEC { /QSYS.LIB/QICSS.LIB/QYCUGSUC.PGM %}
%}
</pre>
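<p>The following pre-call check is an added example, not IBM code and not part of the API. It applies the parameter rules and return codes documented above to browser-supplied form values and confines the signed-certificate file to one directory, because the API replaces an existing file and its caller holds *ALLOBJ. The names <code>precheck</code>, <code>ALLOWED_DIR</code>, <code>LOCAL_REJECT</code>, and the directory and sample values are assumptions made for illustration.</p>

```python
import posixpath

# Hypothetical directory that signed certificates are confined to (assumption).
ALLOWED_DIR = "/certs/issued"

# Return codes this page documents for parameter problems.
RC_OK, RC_STATE_SHORT, RC_ORG_REQUIRED, RC_COUNTRY_INVALID = 0, 3843, 3857, 3859
# Local value (not an API return code) for checks the page lists no code for.
LOCAL_REJECT = -1

# Field sizes taken from the CHAR(n) declarations in the Net.Data function above.
MAX_LEN = {"userName": 10, "orgName": 64, "orgUnitName": 64, "city": 128,
           "state": 128, "countryRegion": 2, "publicKey": 1024,
           "email": 128, "storeFile": 128}


def precheck(p):
    """Return (code, reason) for the nine inputs; check order is this example's choice."""
    for field in ("userName", "publicKey", "storeFile"):
        if not p.get(field, "").strip():
            return LOCAL_REJECT, field + " is required"
    if not p.get("orgName", "").strip():
        return RC_ORG_REQUIRED, "organization value is required"
    if 3 > len(p.get("state", "").strip()):
        return RC_STATE_SHORT, "state must be at least 3 characters"
    if len(p.get("countryRegion", "").strip()) != 2:
        return RC_COUNTRY_INVALID, "country or region must be 2 characters"
    for field, limit in MAX_LEN.items():
        if len(p.get(field, "")) > limit:
            return LOCAL_REJECT, field + " exceeds declared length"
    # The API replaces an existing file and its caller holds *ALLOBJ, so a
    # browser-supplied path must resolve inside the allow-listed directory.
    path = p["storeFile"].strip()
    if not posixpath.normpath(path).startswith(ALLOWED_DIR + "/"):
        return LOCAL_REJECT, "storeFile must resolve under " + ALLOWED_DIR
    return RC_OK, "ok"


# Constructed sample form values (not real data).
SAMPLE = {"userName": "ALICE", "orgName": "Example Corp", "orgUnitName": "",
          "city": "", "state": "Minnesota", "countryRegion": "US",
          "publicKey": "constructed-keygen-value", "email": "",
          "storeFile": "/certs/issued/alice.cert"}

if __name__ == "__main__":
    print(precheck(SAMPLE))
    print(precheck(dict(SAMPLE, storeFile="/certs/issued/../../QIBM/x")))
```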


<br>
<hr>
API introduced: V5R2

<hr>
<center>
<table cellpadding="2" cellspacing="2">
<tr align="center">
<td valign="middle" align="center"><a href="#Top_Of_Page">Top</a> | <a href=
"sec.htm">Security APIs</a> | <a href="aplist.htm">APIs by category</a></td>
</tr>
</table>
</center>
</body>
</html>