Universal Certificate for z/OS

Universal Certificate for z/OS executes as a batch job.

This section describes the Universal Certificate for z/OS JCL and command line options.

JCL Procedure

The following figure illustrates the Universal Certificate for z/OS JCL procedure (UCRPRC, located in the SUNVSAMP library), that is provide to simplify the execution JCL and future maintenance.

//UCRPRC   PROC UPARM=,               -- UCERT options
//             UCRPRE=#SHLQ.UNV,
//             UCRDBPRE=#PHLQ.UNV
//*
//PS1      EXEC PGM=UCERT,PARM='ENVAR(TZ=EST5EDT)/&UPARM'
//STEPLIB  DD  DSN=&UCRPRE..SUNVLOAD,
//             DISP=SHR
//*
//UNVDB    DD  DSN=&UCRDBPRE..UCRDB,
//             DISP=SHR
//UNVNLS   DD  DSN=&UCRPRE..SUNVNLS,
//             DISP=SHR
//UNVTRACE DD  SYSOUT=*
//*
//SYSPRINT DD  SYSOUT=*
//SYSOUT   DD  SYSOUT=*
//CEEDUMP  DD  SYSOUT=*
//SYSUDUMP DD  SYSOUT=*

DD Statements used in JCL Procedure

The following table describes the DD statements used in the Universal Certificate for z/OS JCL procedure, above.

ddname	Description
STEPLIB	Load library in which program UCERT is located.
UNVDB	UCERT certificate database.
UNVNLS	UCERT national language support ddname.
UNVTRACE	UCERT trace ddname.
SYSPRINT	UCERT standard output ddname.
SYSOUT	UCERT standard error ddname.

JCL

The following figure illustrates the Universal Certificate for z/OS JCL using the UCRPRC JCL procedure, above.

//UCERT    EXEC PGM=UCERT
//STEPLIB  DD  DISP=SHR,DSN=UNV.SUNVLOAD
//UNVNLS   DD  DISP=SHR,DSN=UNV.SUNVNLS
//UNVDB    DD  DISP=SHR,DSN=UNV.UCRDB
//UNVTRACE DD  SYSOUT=*
//SYSPRINT DD  SYSOUT=*
//SYSOUT   DD  SYSOUT=*
//CEEDUMP  DD  SYSOUT=*
//SYSIN    DD  DUMMY

Command Line Syntax

The following figure illustrates the syntax - using the long form of command line options - of Universal Certificate for z/OS.

ucert[-codepage codepage][-level {trace|audit|info|warn|error}][ -file ddname | -encryptedfile ddname [-key key] [-keypath path]

Creating a certificate request.
{-create request
-request_file ddname [-request_format {pem|der}]
-private_key_file ddname [-private_key_format {pem|der}]
-private_key_infile ddname [-private_key_format {pem|der}]
[-private_key_pwd password]
[-private_key_type {RSA|EC}]
[-key_size {512|1024|2048|3072|4096}]
[-elliptic_curve {secp112r2|secp160r1|secp224k1|prime256v1|secp384r1}]
[-country name]
[-state name]
[-locality name]
[-organization name]
[-organizational_unit name]
[-common_name name]
{ [-dns_name name] | [-ip_address name] }
[-sig_alg algorithm]
[-email_address name]

Creating a certificate from a certificate request.
| -create cert 
-request_file ddname [-request_format {pem|der}] 
-cert_file ddname [-cert_format {pem|der}]
[-cert_db ddname] 
-private_key_file ddname [-private_key_format {pem|der}]
-private_key_infile ddname [-private_key_format {pem|der}]
[-private_key_pwd password]
-ca_cert_file ddname [-ca_cert_format {pem|der}]
[-serial_number number]
[-not_before_date date] [-not_after_date date]
[-ca {yes|no}]
[-sig_alg algorithm]

Creating a certificate from a transport file.
| -create cert
-transport_file ddname [-transport_file_pwd password]
-cert_file ddname [-cert_format {pem|der}]
-private_key_file ddname [-private_key_format {pem|der}]
-private_key_infile ddname [-private_key_format {pem|der}]
-ca_cert_file ddname [-ca_cert_format {pem|der}]

Creating a certificate revocation list.
| -create crl
-crl_file ddname [-crl_format {pem|der}]
-ca_cert_file ddname [-ca_cert_format {pem|der}]
-private_key_file ddname [-private_key_format {pem|der}]
-private_key_infile ddname [-private_key_format {pem|der}]
[-private_key_pwd password]
-next_update_days days
-next_update_hours hours
[-cert_db ddname]

Creating a transport file.
| -create transport
-transport_file ddname [-transport_file_pwd password]
-cert_file ddname [-cert_format {pem|der}]
-private_key_file ddname [-private_key_format pem|der}]
-private_key_infile ddname [-private_key_format {pem|der}]
[-private_key_pwd password]
-ca_cert_file ddname [-ca_cert_format {pem|der}]
[-common_name name]
[-keypbe encryption]
[-certpbe encryption]

Revoking a certificate.
| -revoke cert
[-revoke_reason {unspecified|keyCompromise|caCompromised|affiliationChange|superseded|
cessationofOperation|privilegeWithdrawn}]
-cert_file ddname [-cert_format {pem|der}]
[-cert_db ddname]

Printing a certificate request.
| -print request
-request_file ddname [-request_format {pem|der}]

Printing a certificate.
| -print cert
-cert_file ddname [-cert_format {pem|der}]

Printing a certificate revocation list.
| -print crl
-crl_file ddname [-crl_format {pem|der}]

Printing a transport file.
| -print transport
-transport_file ddname [-transport_file_pwd password]

Verifying a certificate.
| -verify cert
-cert_file ddname [-cert_format {pem|der}]
-ca_cert_file ddname [-ca_cert_format {pem|der}]
-crl_file ddname [-crl_format {pem|der}]

ucert
{ -help | -version }

JCL Procedure​

DD Statements used in JCL Procedure​

JCL​

Command Line Syntax​

JCL Procedure

DD Statements used in JCL Procedure

JCL

Command Line Syntax