Hello All,
This is more of a SORT question than RACF or certs, so posting here.
Below is the 'CERTEXP' JCL member in RACFICE2 that shows all certs that are
expiring in the next 'n' days.
//USER01I JOB MSGLEVEL=(1,1),NOTIFY=&SYSUID,CLASS=A,
// MSGCLASS=H,REGION=19M
//*
//RACFICE EXEC PGM=ICETOOL,PARM='MSGPRT=ALL'
//TOOLMSG DD SYSOUT=*
//PRINT DD SYSOUT=*
//DFSMSG DD SYSOUT=*
//DBUDATA DD DISP=SHR,DSN=MARKN.TEST.IRRDBU00
//TEMP0001 DD DISP=(NEW,DELETE,DELETE),SPACE=(CYL,(20,5,0)),
// UNIT=SYSALLDA
//TOOLIN DD *
SORT FROM(DBUDATA) TO(TEMP0001) USING(CERT)
DISPLAY FROM(TEMP0001) LIST(PRINT) -
PAGE -
TITLE('Expired or Nearly Expired Certificates') -
DATE(YMD/) -
TIME(12:) -
BLANK -
ON(010,60,CH) HEADER('Name') -
ON(266,10,CH) HEADER('Start Date') -
ON(286,10,CH) HEADER('End Date')
//CERTCNTL DD *
SORT FIELDS=(10,8,CH,A)
INCLUDE COND=(5,4,CH,EQ,C'0560',AND,
286,10,CH,NE,C' ',AND,
286,10,CH,LT,DATE1(-)+30)
OPTION VLSHRT
It shows the cert "name", which is some eye-blurring text.
I've dug through the IRRDBU00 record layout notes and found the following
# 0207 User certificate name record
6 - 13 USCERT_NAME owner ID
15 - 260 USCERT_CERT_NAME cert "name"
262 - 293 USCERT_CERTLABL label
# 0500 General resource basic data record
6 - 251 GRBD_NAME cert "name"
253 - 260 GRBD_CLASS_NAME RACF class name (DIGTCERT)
271 - 280 GRBD_CREATE_DATE cert "creation" date
# 0560 General Resource Certificate Data
6 - 251 GRCERT_NAME cert "name"
253 - 260 GRCERT_CLASS_NAME RACF class name (DIGTCERT)
262 - 271 GRCERT_START_DATE
273 - 280 GRCERT_START_TIME
282 - 291 GRCERT_END_DATE
293 - 300 GRCERT_END_TIME
311 - 320 GRCERT_KEY_SIZE key size in bits
# 0561 General Resource Certificate References
6 - 251 CERTR_NAME cert "name"
253 - 260 CERTR_CLASS_NAME RACF class name (DIGTCERT)
262 - 507 CERTR_RING_NAME RACF ring profile name
# 0562 General Resource Key Ring Data
6 - 251 KEYR_NAME RACF ring profile name
253 - 260 KEYR_CLASS_NAME RACF class name (DIGTRING)
509 - 516 KEYR_CERT_USAGE cert usage (PERSONAL/SITE/CERTAUTH)
518 - 521 KEYR_CERT_DEFAULT personal?
523 - 554 KEYR_CERT_LABEL label
# 1560 General Resource Certificate Information
6 - 251 CERTN_NAME cert "name"
253 - 260 CERTN_CLASS_NAME RACF class name (DIGTCERT)
262 -1285 CERTN_ISSUER_DN Issuer DN
1287 -2310 CERTN_SUBJECT_DN Subject DN
2312 -2327 CERTN_SIG_ALG cert signing algo
I request your help to merge all cert-related record types from IRRDBU00
(hopefully just the ones listed here - 0207, 0500, 0560, 0561, 0562, 1560), and
dedupe it based on the unique cert "name" field.
Once done, I need help printing out all the other fields mentioned above so as
to get a table of all certs with all related info in a readable format (a CSV
would be great!).
And finally, the ability to filter the output based on 'n' days, so that I can
see what certs are expiring in the next 'n' days.
Thank you so much for your help, I'm hoping this will benefit many folks on the
list.
- Vignesh
Mainframe Infrastructure
MARKSANDSPENCER.COM
________________________________
Unless otherwise stated above:
Marks and Spencer plc
Registered Office:
Waterside House
35 North Wharf Road
London
W2 1NW
Registered No. 214436 in England and Wales.
Telephone (020) 7935 4422
Facsimile (020) 7487 2670
www.marksandspencer.com
Please note that electronic mail may be monitored.
This e-mail is confidential. If you received it by mistake, please let us know
and then delete it from your system; you should not copy, disclose, or
distribute its contents to anyone nor act in reliance on this e-mail, as this
is prohibited and may be unlawful.
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO IBM-MAIN
