The following example shows how to do a GENCERT with a Subject Altname
of an IP address from TSO, ACF:
ACF
gencert certauth.altname Subj(CN='REDS Lock Company Certificate Authority'
OU='Auditing Department' O='REDS Lock Company' C=US) label(Audit CA)
ALtname(IP=141.202.253.54)
CERTDATA / CERTAUTH.ALTNAME LAST CHANGED BY USER002 ON 10/10/14-12:29
CERTNSER(0000000000000001) ISSUERDN(CN=REDS Lock Company
Certificate Authority.OU=Auditing Department.O=REDS Lock
Company.C=US) KEYSIZE(1,024) LABEL(Audit CA) SERIAL#(00)
SUBJDN(CN=REDS Lock Company Certificate Authority.OU=Audi
ting Department.O=REDS Lock Company.C=US) TRUST
Certificate is not connected to any key rings
PROFILE
chkcert CERTAUTH.ALTNAME
Label:
Audit CA
Serial number:
00
Issuer's distinguished name:
CN=REDS Lock Company Certificate Authority
OU=Auditing Department
O=REDS Lock Company
C=US
Subject's distinguished name:
CN=REDS Lock Company Certificate Authority
OU=Auditing Department
O=REDS Lock Company
C=US
Subject's AltNames:
IP: 141.202.253.54
Key Usage:
CERTSIGN
Not valid before:
2014/10/10 00:00:00 UTC
Not valid after:
2015/10/10 23:59:59 UTC
Private Key Type:
RSA
Private key bit size:
1024
Signature Algorithm:
sha-1WithRSAEncryption
Details on the ACF GENCERT command can be found in the CA ACF2™ for z/OS Administration Guide r15 in Chapter 26: Digital Certificate Support section 'Processing Digital Certifications with CA ACF2' sub-section 'GENCERT Subcommand'.