Purpose
Use the RACDCERT ADDRING command to create a new key ring.
Issuing options
The following table identifies the eligible options for issuing the RACDCERT ADDRING command:
| As a RACF® TSO command? | As a RACF operator command? | With command direction? | With automatic command direction? | From the RACF parameter library? |
|---|---|---|---|---|
| Yes | No | No. (See rules.) | No. (See rules.) | No |
Rules: The following rules apply when issuing this command.
- The RACDCERT command cannot be directed to a remote system using the AT or ONLYAT keyword.
- The updates made to the RACF database by RACDCERT are eligible for propagation with automatic direction of application updates based on the RRSFDATA profiles AUTODIRECT.target-node.DIGTCERT.APPL and AUTODIRECT.target-node.DIGTRING.APPL, where target-node is the remote node to which the update is to be propagated.
Authorization required
To issue the RACDCERT ADDRING command, you must have the SPECIAL attribute or sufficient authority to the IRR.DIGTCERT.ADDRING resource in the FACILITY class for your intended purpose.
Table 1. Authority required for the RACDCERT ADDRING function
| Access level (IRR.DIGTCERT.ADDRING) | Purpose |
|---|---|
| READ | Create a key ring for your own user ID. |
| UPDATE | Create a key ring for another user. |
Activating your changes
If the DIGTRING class is RACLISTed, refresh the class to activate your changes.
Example:
SETROPTS RACLIST(DIGTRING) REFRESH
Related commands
- To delete a key ring, see RACDCERT DELRING.
- To list a key ring, see RACDCERT LISTRING.
Syntax
For the key to the symbols used in the command syntax diagrams, see Syntax of RACF commands and operands. The complete syntax of the RACDCERT ADDRING command is:
RACDCERT ADDRING(ring-name)
    [ ID(ring-owner) ]
If you specify more than one RACDCERT function, only the last specified function is processed. Extraneous keywords that are not related to the function being performed are ignored.
If you do not specify a RACDCERT function, LIST is the default function.
For information on issuing this command as a RACF TSO command, refer to RACF TSO commands.
Parameters
- ADDRING(ring-name)
  Specifies the name of the new key ring. This key ring must not already exist for this user. The new key ring belongs to the user ID specified or defaulted by the ID(ring-owner) keyword.
  The key ring name can be up to 237 characters in length. Lowercase characters are permitted. Key ring names become names of RACF profiles in the DIGTRING class, and can contain only characters that are allowed in RACF profile names, with the following restrictions.
  Restrictions: The ring-name cannot contain any of the following characters:
  - an ampersand (X'50')
  - an asterisk (X'5C')
  - a percent sign (X'6C')
  Because only user IDs can have key rings, neither CERTAUTH nor SITE can be specified with ADDRING.
- ID(ring-owner)
  Specifies the user ID of the key ring owner. (Only a user ID can have a key ring.) If not specified, the key ring owner defaults to the command issuer's user ID.
Examples
| Example 1 | |
|---|---|
| Operation | User RACFADM wants to add a key ring for the local FTP server. The user ID of the FTP is FTPD. The keys that will be connected to the new ring will be shared by multiple users and the ring will represent the installation's FTP trust policy. |
| Known | User RACFADM has SPECIAL authority. |
| Command | RACDCERT ID(FTPD) ADDRING(FTPring) |
| Output | None. |

| Example 2 | |
|---|---|
| Operation | User RACFADM wants to add a key ring for a new Web server application. The user ID of the Web server application is WEBSRV02. The keys that will be connected to the new ring will be shared by multiple users and the ring will represent the installation's trust policy for this Web server application. |
| Known | User RACFADM has SPECIAL authority. |
| Command | RACDCERT ADDRING(SSLring) ID(WEBSRV02) |
| Output | None. |
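
A pre-flight check for automation that generates this command, written as an added Python example (not IBM's code): it applies the ring-name restrictions listed under Parameters and reports the IRR.DIGTCERT.ADDRING access level from Table 1 that an issuer without SPECIAL would need. The function names, the user-ID pattern and the extra refusal of blanks, parentheses and quotes are assumptions of this example.

```python
import re

MAX_RING_NAME = 237  # limit stated under Parameters
# Characters the page says a ring-name cannot contain.
FORBIDDEN = {"&": "ampersand (X'50')", "*": "asterisk (X'5C')",
             "%": "percent sign (X'6C')"}
# Assumption of this example, not a rule from the page: also refuse blanks,
# parentheses and quotes so input cannot alter the generated command text.
UNSAFE_IN_COMMAND = set(" \t\r\n()'\"")
# Assumption: RACF user IDs are 1-8 characters from A-Z, 0-9, #, $ and @.
USER_ID = re.compile(r"[A-Z0-9#$@]{1,8}")

def check_ring_name(ring_name):
    """Return a list of problems; an empty list means the name passed."""
    problems = []
    if not ring_name:
        problems.append("ring name is empty")
    if len(ring_name) > MAX_RING_NAME:
        problems.append(f"ring name exceeds {MAX_RING_NAME} characters")
    problems += [f"ring name contains {label}"
                 for ch, label in FORBIDDEN.items() if ch in ring_name]
    if UNSAFE_IN_COMMAND & set(ring_name):
        problems.append("ring name contains a blank, parenthesis or quote")
    return problems

def required_access(issuer, ring_owner=None):
    """Access to IRR.DIGTCERT.ADDRING that an issuer without SPECIAL needs."""
    owner = (ring_owner or issuer).upper()  # ID() defaults to the issuer
    return "READ" if owner == issuer.upper() else "UPDATE"

def build_addring(issuer, ring_name, ring_owner=None):
    """Validate the input, then return (command text, required access)."""
    problems = check_ring_name(ring_name)  # ring name keeps its case
    for user_id in [issuer] + ([ring_owner] if ring_owner else []):
        if not USER_ID.fullmatch(user_id.upper()):
            problems.append(f"not a valid user ID: {user_id!r}")
    if problems:
        raise ValueError("; ".join(problems))
    command = f"RACDCERT ADDRING({ring_name})"
    if ring_owner:
        command += f" ID({ring_owner.upper()})"
    return command, required_access(issuer, ring_owner)

if __name__ == "__main__":
    # Values from the page's Example 1, then a constructed invalid name.
    print(build_addring("RACFADM", "FTPring", "FTPD"))
    print(check_ring_name("prod*ring"))
```

The check covers only the restrictions stated on this page; RACF still applies its own profile-name rules when the command runs.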