Key features


EC for Venafi includes the following key features for working with Venafi Trust Protection Platform (TPP).

Background processing

EC for Venafi performs background processing to search for expired digital certificates once every 24 hours at a time specified in the EC for Venafi configuration. 

If expired certificates are found, the agent issues the necessary RACF, TSS, or ACF2 commands to delete the expired certificates.

Audit logging

Agent components perform all of the main processing for EC for Venafi, and agents write the audit log details for each transaction. The gateway reports the system to which a transaction is routed.

The agent writes basic transactional information and any trace or diagnostic messages to SYSPRINT, and writes audit log messages to the SYSOUT data set RSVLmmdd (where mmdd is the month and day).

Audit log messages might include the following information:

  • Date and time stamp
  • Transaction ID
  • Name of the target External Security Manager (ESM)
  • Operation requested by TPP
  • Variables supplied by TPP
  • RACF, TSS, or ACF2 commands issued
  • RACF, TSS, or ACF2 response messages
  • Response data returned to TPP

Site certificates

(SPE2307)

EC for Venafi supports multiple keyrings for a single certificate on an LPAR. Generally, new certificates are created in the following ways:

  • If the keyrings on an LPAR have the same owner, the certificate is created with the same owner as the keyrings.
  • If the keyrings on an LPAR have different owners, the certificate is created as a site certificate.

You can use EC for Venafi to create any new certificate as a site certificate, even if all of the keyrings on the LPAR have the same owner. You can use the Force Site Certificate option in TPP to tell EC for Venafi to create new certificates as site certificates so that they can be used in keyrings that are not managed by EC for Venafi.

For information about enabling this option, see Certificate and Application object management in "Configuring the TPP adaptable driver."

Bulk Insert utility

(SPE2307)

EC for Venafi provides a Bulk Insert utility, which you can use to generate multiple certificate and associated application objects by using a template and data file, rather than by creating the objects manually, one at a time. The Bulk Insert utility is installed with the TPP adaptable driver. You can run the utility on the TPP server, or copy the files to another computer in your network. For information about installing, configuring, and running the Bulk Insert utility, see the following topics:

Email support

EC for Venafi can generate email notifications according to your needs. You can configure them to be sent to one or more recipients under the following conditions:

  • The transaction was completed successfully and a response received for the request.
  • The transaction failed and the request was canceled.
  • An expired certificate was discovered and the list of expired certificates and expiration dates is sent.

For more information, see the sections "EmailProfile statement" and "EmailRecipients statement" in "Configuring the agent."
