CVTCERT CONVERT CERTIFICATES TAACERT
The Convert Certificates command produces an outfile of server or CA
certificate information on the system. The most useful information
is the certificate expiration date, giving users an easy way of
checking which certificates expire soon. The outfile is sorted by
expiration date in ascending order.
The output file will be CVTCERTP in the library you select. The
member name defaults to CVTCERTP but can be changed to a
user-specified name. A replace option also exists.
A typical command would be:
    CVTCERT CERTSTORE(*SYSTEM) PASSWORD(xxxxxx)
            OUTLIB(QTEMP) REPLACE(*YES)
One record would be written for each certificate found showing the
certificate name(s) and expiration date.
The program TAACERTR briefly makes QSECOFR the current user to
extract the expiration dates, as required by the system API. The only
information extracted is the expiration dates and certificate
labels.
CVTCERT escape messages you can monitor for
------------------------------------------
CPF9822 - Not authorized to file CVTCERTP. You must have *USE
authority to file CVTCERTP.
CPF9802 - Not authorized to member. You must have *OBJOPR, *OBJMGT
and *DLT authority to replace the data in the member.
Escape messages from based-on functions will be re-sent.
CVTCERT Command parameters *CMD
-------------------------
CERTSTORE     The certificate store to search for certificates.
              The following values can be used for a certificate
              store name:

              *SYSTEM - The *SYSTEM certificate store.

              *OBJECTSIGNING - The *OBJECTSIGNING certificate store.

              *SIGNATUREVERIFICATION - The *SIGNATUREVERIFICATION
              certificate store.

              Directory path and file name - The fully qualified
              Integrated File System (IFS) directory path and file
              name of the certificate store. The directory path must
              start with a leading forward slash (/), for example,
              /mydirectory/mystore.kdb. The path and file name are
              assumed to be represented in the CCSID currently in
              effect for the job.

              This is a required field.

OUTLIB        Library for CVTCERTP file. A library name may be
              specified or the default *LIBL may be used. If the
              CVTCERTP file does not already exist in the library
              list, a library must be specified.

OUTMBR        Member to receive output. The member of the
              CVTCERTP file to be used. If the member does not
              exist, it is added. The default is CVTCERTP.

REPLACE       Replace data in member. A *YES/*NO value for
              whether the member should be cleared before writing
              records into it. The default is *YES. If *NO is
              specified and the member already exists with
              records, the user will receive an error message.
Restrictions
------------
None
Prerequisites
-------------
The following TAA Tools must be on your system:
    DUPTAADBF     Duplicate TAA data base file
    EDTVAR        Edit variable
    RTVDAT        Retrieve date
    CHKSPCAUT     Check special authority
    SNDCOMPMSG    Send completion message
    SNDESCINF     Send escape information
    SNDESCMSG     Send escape message
    SNDSTSMSG     Send status message
Implementation
--------------
None, the tool is ready to use.
Objects used by the tool
------------------------
Object        Type      Attribute      Src member     Src file
------        ----      ---------      ----------     ----------
CVTCERT       *CMD                     TAACERT        QATTCMD
TAACERTC      *PGM      CLLE           TAACERTC       QATTCL
TAACERTR      *PGM      RPGLE          TAACERTR       QATTRPG
TAACERTP      *FILE     PF             TAACERTP       QATTDDS
TAACERTHC     *PNLGRP                  TAACERTHC      QATTUIM
Added to TAA Productivity tools April 15, 2020