Import Certificate Store (QYKMIMPK, QykmImportKeyStore)


  Required Parameter Group:

1 Certificate store path and file Name Input Char(*)
2 Length of certificate store path and file Name Input Binary(4)
3 Format of certificate store path and file Name Input Char(8)
4 Certificate store password Input Char(*)
5 Length of certificate store password Input Binary(4)
6 CCSID of certificate store password Input Binary(4)
7 Import path and file name Input Char(*)
8 Length of import path and file name Input Binary(4)
9 Format of import path and file name Input Char(8)
10 Version of import file Input Char(10)
11 Import file password Input Char(*)
12 Length of import file password Input Binary(4)
13 CCSID of import file password Input Binary(4)
14 Error code I/O Char(*)

  Service Program Name: QYKMSYNC

  Default Public Authority: *USE

  Threadsafe: No

The Import Certificate Store API (OPM, QYKMIMPK; ILE, QykmImortKeyStore) allows a user to import an entire certificate store from a PKCS12 version 3 standard file. This allows for the import of private keys as well as record labels. Records with duplicate labels and/or public keys are not imported. Note: Option 34, Digital Certificate Manager, must be installed in order to use this API.


Authorities and Locks

Authority Required

To use this API, option 34 must be installed. You must also provide the password for the certificate store and know the password of the import file name.

For the file objects:

For the directories:

Also, see the open() API for the authority needed to the certificate store and the import file.

Locks
Object will be locked Start of changesharedEnd of change read.

Required Parameter Group

Certificate store path and file name
INPUT; Char(*)

The path name of the certificate store (kdb) to which you want to import. This path and file name may be absolute (i.e., entire path name) or relative to the current directory. If the file does not exist, it will be created. If you are using format OBJN0100 (see below), this parameter is assumed to be represented in the coded character set identifier (CCSID) currently in effect for the job. If the CCSID of the job is 65535, this parameter is assumed to be represented in the default CCSID of the job.

Length of certificate store path and file name
INPUT; Binary(4)

The length of the certificate store path and file name. If the format specified is OBJN0200 (see below), this field must include the QLG path name structure length in addition to the length of the path name itself. If the format specified is OBJN0100 (see below), only the length of the path name itself is included.

Format of certificate store path and file name
INPUT; CHAR(8)

The format of the certificate store path and file name parameter.

OBJN0100 The certificate store path and file name is a simple path name.
OBJN0200 The certificate path and file name is an LG-type path name.

Certificate store password
INPUT; CHAR(*)

The password of the certificate store whose certificates will be imported from the given import file.

Length of certificate store password
INPUT; Binary(4)

The length of the password of the certificate store.

CCSID of certificate store password
INPUT; Binary(4)

This parameter is the CCSID of the certificate store password. If the value is 0, the default CCSID of the job will be used.

Import path and file name
INPUT; CHAR(*)

The path (including the name) of the import file from which all of the certificates are to be imported into the certificate store. This path and file name may be absolute (i.e., entire path name) or relative to the current directory. If you are using format OBJN0100 (see below), this parameter is assumed to be represented in the coded character set identifier (CCSID) currently in effect for the job. If the CCSID of the job is 65535, this parameter is assumed to be represented in the default CCSID of the job.

Length of import path and file name
INPUT; Binary(4)

The length of the import path and file name. If the format specified is OBJN0200 (see below), this field must include the QLG path name structure length in addition to the length of the path name itself. If the format specified is OBJN0100 (see below), only the length of the path name itself is included.

Format of import path and file name
INPUT; CHAR(8)

The format of the import path and file name parameter.

OBJN0100 The import path and file name is a simple path name.
OBJN0200 The import path and file name is an LG-type path name.

Version of import file
INPUT; Char(10)

Currently, the only value supported here is *PKCS12V3 to indicate that only PKCS12 version 3 files will be used for importing and exporting entire certificate stores.

Import file password
INPUT; CHAR(*)

The password of the import file.

Length of import file password
INPUT; Binary(4)

The length of the password to the import file.

CCSID of import file password
INPUT; Binary(4)

This parameter is the CCSID of the import file password. If the value is 0, the default CCSID of the job will be used.

Error code
OUTPUT; CHAR(*)

The structure in which to return error information. For the format of the structure, see Error Code Parameter.


Error Messages

Message ID Error Message Text
CPFB001 E One or more input parameters is NULL or missing.
CPFB006 E An error occurred. The error code is &1.
CPFB007 E User not authorized to directory or file.
CPFB008 E The format name for the certificate store is not valid.
CPFB009 E The format name for the export or import file is not valid.
CPFB00A E Option &2 of the operating system is required to work with certificates.
CPFB010 E Import file does not exist.
CPFB011 E Import file password is not valid.
CPFB012 E Duplicate key exists.


API introduced: V5R3
Top | Security APIs | APIs by category