| 1 | User name | Input | Char(*) |
| 2 | Organization | Input | Char(*) |
| 3 | Organization unit | Input | Char(*) |
| 4 | City | Input | Char(*) |
| 5 | State | Input | Char(*) |
| 6 | Country or region | Input | Char(*) |
| 7 | Public key | Input | Char(*) |
| 8 | E-mail address | Input | Char(*) |
| 9 | File to store signed certificate | Input | Char(*) |
| Return code | Output | Binary(4) |
The Generate and Sign User Certificate Request (QYCUGSUC) API generates a user certificate request and then signs the certificate request using the local Certificate Authority (CA). The request to generate and sign the user certificate request must come from a Netscape, or compatible, browser session. The call to this program must be made using the DTW_DIRECTCALL language environment in Net.Data.
Error information is returned as a return value from this program. The error code value can be captured using the RETURNS keyword on the function definition that uses DTW_DIRECTCALL.
The name of the user for which the certificate request was made. This is a required field.
The organization information for the user. This is a required field.
The organization unit information for the user. This may be a NULL string.
The city information for the user. This may be a NULL string.
The state information for the user. This is a required field.
The country or region information for the user. This is a required field.
The public key for the certificate request. This value is generated using the "keygen" HTML directive. This is a required field.
The e-mail address for the user. This may be a NULL string.
The absolute pathname for the file in which the signed certificate is stored. The file will be created if it does not exist. If the file already exists, the contents of the file will be replaced. This is a required field.
This parameter is assumed to be represented in the CCSID (coded character set identifier) currently in effect for the job. If the CCSID of the job is 65535, this parameter is assumed to be represented in the default CCSID of the job.
| Message ID | Error Message Text |
|---|---|
| 0 | Certificate was successfully signed. |
| -99 | Unexpected error. |
| 71 | Unable to allocate storage. |
| 93 | The local Certificate Authority (CA) does not exist. Use Digital Certificate Manager (DCM) to create the local CA. |
| 95 | The password for the Local Certificate Authority (CA) certificate store is not stashed. Use DCM to change the password for the Local CA certificate store. |
| 3843 | The state value is too short. It must be at least 3 characters. |
| 3845 | The caller of this API does not have *ALLOBJ and *SECADM special authorities. |
| 3857 | The organization value is required. |
| 3859 | The country or region value is not valid. It must be 2 characters. |
| 3956 | The local CA does not allow creation of user certificates. You must change the policy data for the local CA using DCM. |
| 4003 | Certificate to be signed is not valid. |
See Code disclaimer information for information pertaining to code examples.
The following is an example of a function call to this program using Net.Data.
%function(DTW_DIRECTCALL) signcert(IN CHAR(10) userName,
IN CHAR(64) orgName,
IN CHAR(64) orgUnitName,
IN CHAR(128) city,
IN CHAR(128) state,
IN CHAR(2) countryRegion,
IN CHAR(1024) publicKey,
IN CHAR(128) email,
IN CHAR(128) storeFile) RETURNS(retVal) {
%EXEC { /QSYS.LIB/QICSS.LIB/QYCUGSUC.PGM %}
%}
| Top | Security APIs | APIs by category |