Export Certificate Store (QYKMEXPK, QykmExportKeyStore)


  Required Parameter Group:

1 Certificate store path and file Name Input Char(*)
2 Length of certificate store path and file Name Input Binary(4)
3 Format of certificate store path and file Name Input Char(8)
4 Certificate store password Input Char(*)
5 Length of certificate store password Input Binary(4)
6 CCSID of certificate store password Input Binary(4)
7 Export path and file name Input Char(*)
8 Length of export path and file name Input Binary(4)
9 Format of export path and file name Input Char(8)
10 Version of export file Input Char(10)
11 Export file password Input Char(*)
12 Length of export file password Input Binary(4)
13 CCSID of export file password Input Binary(4)
14 Error code I/O Char(*)

  Service Program Name: QYKMSYNC

  Default Public Authority: *USE

  Threadsafe: No

The Export Certificate Store API (OPM, QYKMEXPK; ILE, QykmEportKeyStore) allows a user to export an entire certificate store to a PKCS12 version 3 standard file. This allows for the export of private keys as well as record labels. Note: Option 34, Digital Certificate Manager, must be installed in order to use this API.

Authorities and Locks

Authority Required

To use this API, option 34 must be installed. You must also know the Start of change password of the certificate store if you want to export private keys. Additionally, you must End of change provide a password for the export file which gets created as a result of calling this API.

For the file objects:

For the directories:

Also, see the open() API for the authority needed to the certificate store. The export file must not exist prior to calling this API. The export file gets created as a result of calling this API.

Locks
Object will be locked Start of changesharedEnd of change read.

Required Parameter Group

Certificate store path and file name
INPUT; Char(*)

The path name of the certificate store (kdb) you want to export. This path and file name may be absolute (i.e., entire path name) or relative to the current directory. If you are using format OBJN0100 (see below), this parameter is assumed to be represented in the coded character set identifier (CCSID) currently in effect for the job. If the CCSID of the job is 65535, this parameter is assumed to be represented in the default CCSID of the job.

Length of certificate store path and file name
INPUT; Binary(4)

The length of the certificate store path and file name. If the format specified is OBJN0200 (see below), this field must include the QLG path name structure length in addition to the length of the path name itself. If the format specified is OBJN0100 (see below), only the length of the path name itself is included.

Format of certificate store path and file name
INPUT; CHAR(8)

The format of the certificate store path and file name parameter.

OBJN0100 The certificate store path and file name is a simple path name.
OBJN0200 The certificate path and file name is an LG-type path name.

Certificate store password
INPUT; CHAR(*)

The password of the certificate store whose certificates will be exported to the given export file. Start of change If the password parameter is null, private keys will not be exported. End of change

Length of certificate store password
INPUT; Binary(4)

The length of the password of the certificate store whose certificates will be exported to the given export file. Start of change If the length of the password is 0, private keys will not be exported. End of change

CCSID of certificate store password
INPUT; Binary(4)

This parameter is the CCSID of the certificate store password. If the value is 0, the default CCSID of the job will be used.

Export path and file name
INPUT; CHAR(*)

The path (including the name) of the export file into which all of the certificates in the certificate store will be exported in the format indicated by the version of the export file parameter. This path and file name may be absolute (i.e., entire path name) or relative to the current directory. If you are using format OBJN0100 (see below), this parameter is assumed to be represented in the coded character set identifier (CCSID) currently in effect for the job. If the CCSID of the job is 65535, this parameter is assumed to be represented in the default CCSID of the job.

Length of export path and file name
INPUT; Binary(4)

The length of the export path and file name. If the format specified is OBJN0200 (see below), this field must include the QLG path name structure length in addition to the length of the path name itself. If the format specified is OBJN0100 (see below), only the length of the path name itself is included.

Format of export path and file name
INPUT; CHAR(8)

The format of the export path and file name parameter.

OBJN0100 The export path and file name is a simple path name.
OBJN0200 The export path and file name is an LG-type path name.

Version of export file
INPUT; Char(10)

Currently, the only value supported here is *PKCS12V3 to indicate that only PKCS12 version 3 files will be used for importing and exporting entire certificate stores.

Export file password
INPUT; CHAR(*)

The password of the export file.

Length of export file password
INPUT; Binary(4)

The length of the password of the export file.

CCSID of export file password
INPUT; Binary(4)

This parameter is the CCSID of the export file password. If the value is 0, the default CCSID of the job will be used.

Error code
OUTPUT; CHAR(*)

The structure in which to return error information. For the format of the structure, see Error Code Parameter.


Error Messages

Message ID Error Message Text
CPFB001 E One or more input parameters is NULL or missing.
CPFB002 E Certificate store does not exist.
CPFB003 E Certificate store password is not valid.
CPFB004 E User not authorized to certificate store.
CPFB005 E Export file already exists.
CPFB006 E An error occurred. The error code is &1.
CPFB007 E User not authorized to directory or file.
CPFB008 E The format name for the certificate store is not valid.
CPFB009 E The format name for the export or import file is not valid.
CPFB00A E Option &2 of the operating system is required to work with certificates.



API introduced: V5R3
Top | Security APIs | APIs by category