CONNECT Subcommand

The CONNECT subcommand associates certificate information with a key ring. A key ring is a collection of digital certificates that are associated with an individual user. Key rings provide a method to share digital certificates across multiple servers. Once a user's identity is verified to a system by a certificate, the user can access other resources through the certificates on their key ring.
CONnect Certdata(user01.suffix)|USER(user01) Keyring(user02.suffix) [Ringname(ringname)] [Label(label)] [Usage({PERSONAL|CERTAUTH|SITE})] [DEFAULT]
Example: Associate a record key to a keyring
Certificates are associated to ACF2 users through profile records. The CERTDATA segment of the user profile record identifies an X.509 digital certificate that is associated with a user. As a security administrator, you ensure authorized users can share digital certificates across multiple servers. Associate the CERTDATA record to a site-specific keyring:
CONNECT CERTDATA(frank01.mycert) KEYRING(user01.ring) USAGE(site) DEFAULT
In this example, the CONNECT subcommand associates the CERTDATA record key frank01.mycert to a site-specific key ring, user01.ring. DEFAULT indicates that the certificate is the default certificate for the key ring.
  • CERTDATA(user01.suffix)
    Specifies the record key of a CERTDATA record to associate with a key ring. The logonid is a one- to eight-character logonid associated with the CERTDATA record. The suffix is one to eight characters used to make the record key unique. The suffix is separated from the logonid by a period. If LABEL is specified in addition to suffix, suffix and the label must refer to the same CERTDATA record.
  • KEYRING(user02.suffix)
    Specifies the record key of a KEYRING record to which the certificate information is to be associated. The logonid is a one- to eight-character logonid associated with the KEYRING record. The suffix is one to eight characters used to make the record key unique. The suffix is separated from the logonid by a period, and cannot be specified when the RINGNAME parameter is used.
  • RINGNAME(ringname)
    Specifies the ring name of a KEYRING record to which the certificate information is to be associated. The ringname can be up to 237 characters long.
  • LABEL(label)
    Specifies the label of a CERTDATA record to associate with a key ring. The label can be up to 32 characters long. This value can contain blanks and mixed-case characters.
    For every apostrophe that is desired in the Label value, specify two consecutive apostrophes. For example, the Label value Frank's Certificate should be specified as Frank''s Certificate. If a single apostrophe is specified in the Label value, the value is invalid.
  • USAGE({PERSONAL|CERTAUTH|SITE})
    Specifies how the certificate is to be used in the key ring. If USAGE is omitted, the usage that is associated with the certificate that is being connected is used. If the private key of the certificate is extracted, specify USAGE(PERSONAL).
    • PERSONAL
      Specifies that the certificate is to be used as a user certificate.
    • CERTAUTH
      Specifies that the certificate is to be used as a certificate authority certificate.
    • SITE
      Specifies that the certificate is to be used as a site certificate.
  • USER(logonid)
    Specifies a logonid whose certificates are all to be associated with the specified key ring. This behavior is similar to the way the ALLCA keyword connects all CERTAUTH certificates to a key ring.
    Certificates must be trusted to be logically connected to the keyring using the USER parameter.
  • DEFAULT
    Specifies that the certificate is to be the default certificate for the key ring. A key ring can have only one default certificate.
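
The following pre-flight check is an added example, not part of the product documentation or of ACF2 itself. It builds a CONNECT command string and rejects arguments that break the limits stated above (key lengths, the KEYRING suffix/RINGNAME exclusion, label length, apostrophe doubling). The function names and the sample ring name are hypothetical, and the sketch handles only the logonid.suffix form of CERTDATA.

```python
# Added example: argument checker for the CONNECT subcommand, built only from
# the limits stated on this page. Function names are hypothetical.

def _key(value, what, need_suffix):
    """Validate logonid or logonid.suffix; each part is one to eight characters."""
    parts = value.split(".")
    if len(parts) != (2 if need_suffix else 1):
        form = "logonid.suffix" if need_suffix else "logonid"
        raise ValueError(f"{what}: expected {form}, got {value!r}")
    for part in parts:
        if not 1 <= len(part) <= 8:
            raise ValueError(f"{what}: {part!r} is not 1 to 8 characters")
    return value


def build_connect(keyring, certdata=None, user=None, ringname=None,
                  label=None, usage=None, default=False):
    """Return a CONNECT command string, or raise ValueError on a rule violation."""
    # The syntax offers CERTDATA(...) | USER(...): exactly one of the two.
    if (certdata is None) == (user is None):
        raise ValueError("specify exactly one of CERTDATA or USER")
    if certdata is not None:
        # Narrowed for this sketch: only CERTDATA(logonid.suffix) is handled.
        cmd = [f"CONNECT CERTDATA({_key(certdata, 'CERTDATA', True)})"]
    else:
        cmd = [f"CONNECT USER({_key(user, 'USER', False)})"]
    if ringname is not None:
        # A KEYRING suffix cannot be specified when RINGNAME is used.
        if not 1 <= len(ringname) <= 237:
            raise ValueError("RINGNAME can be up to 237 characters long")
        cmd.append(f"KEYRING({_key(keyring, 'KEYRING', False)})")
        cmd.append(f"RINGNAME({ringname})")
    else:
        cmd.append(f"KEYRING({_key(keyring, 'KEYRING', True)})")
    if label is not None:
        # Assumption: the 32-character limit applies before apostrophes are doubled.
        if not 1 <= len(label) <= 32:
            raise ValueError("LABEL can be up to 32 characters long")
        cmd.append("LABEL(" + label.replace("'", "''") + ")")
    if usage is not None:
        if usage.upper() not in ("PERSONAL", "CERTAUTH", "SITE"):
            raise ValueError("USAGE must be PERSONAL, CERTAUTH or SITE")
        cmd.append(f"USAGE({usage.upper()})")
    if default:
        cmd.append("DEFAULT")
    return " ".join(cmd)
```
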