`cascertreg`

Use the cascertreg command-line utility to list, delete, or add certificate registrations required for CICS Web Interface servers, deployment listeners, etc....

Syntax:

cascertreg [common-options] command [command-options] [parameters]

Common options:

`-directory path`	Specifies the certificate registration directory. You can also specify this by setting the `ES_CERT_REG` environment variable.
`-nobanner`	Specifies not to display the banner (program name and copyright message).
`-quiet`	Provide minimal output - do not ask for confirmation when deleting registrations.
`-verbose`	Provide more output.
`-algorithm`	Specifies the algorithm to use for generating fingerprints. Default is SHA1, values can be SHA224, SHA256, SHA384, and SHA512.

Commands, Command Options and Parameters:

Command	Options	Parameters	Explanation
`list`		partial fingerprint (optional)	List certificate registrations. If a partial fingerprint is supplied, only list certificates that match.
`delete`		partial fingerprint (optional)	Delete certificate registrations (matching the partial fingerprint if supplied). List matches registrations and prompts for confirmation unless `-quiet` is specified.
`add`	`-file certificate-file` or `-fingerprint fingerprint`	User ID	Add a registration for the specified certificate (supplied as either the certificate file or its fingerprint), associating it with the specified user. Fails if a registration for the certificate already exists. With the `-file` option, the certificate must be in PEM or DER format.
	`-cwi setting`		Set the cwi option for the certificate, indicating whether CICS Web Interface is allowed to map this certificate to a user. The value can be `yes`' or `no`. The default is `yes`.
	`-dcas setting`		As for -cwi, but for the Digital Certificate Authentication Service.
	`-issuer`		Specifies the optional certificate issuer DN when `-fingerprint` is used. (For `-file`, this is taken from the file.)
	`-subject`		Specifies the optional certificate subject DN when `-fingerprint` is used. (For -file, this is taken from the file.)

Examples

List all the certificate registrations in the specified directory. The list shows fingerprints and user IDs:

cascertreg -directory c:\cwi-certs list

List all certificate registrations in the directory specified by the ES_CERT_REG environment variable that include the string 01ab in their fingerprints. The list is in verbose form, showing any additional information recorded in the registration, such as subject and issuer Distinguished Names:

cascertreg list -verbose 01ab

Delete any registrations in the specified directory that include the string 01ab in their fingerprints, without prompting for information:

cascertreg -quiet delete 01ab -directory c:\cwi-certs

Add a registration (to the directory specified by the ES_CERT_REG environment variable) for the certificate in client.pem, associating it with the SYSAD and user ID:

cascertreg add -file client.pem SYSAD

As above, but this time using the SHA512 algorithm for the certificate fingerprint:

cascertreg add -file client.pem SYSAD –algorithm SHA512