Configuring the post-implementation script
You configure the post-implementation script by copying a sample script provided with EC for Venafi, and by specifying the script name in Venafi Trust Protection Platform (TPP). For an example of a post-implementation script, see Sample post-implementation script.
The sample script is included in the RSSSAMP library, which is installed with the application. For more information, see "Installation tasks" in Installing.
To configure the post-implementation script
1. From the SAMPLIB library installed with EC for Venafi, copy the POSTIMPL sample script.
2. Modify the functions, arguments, and variables according to the needs of your organization. For details, see Scripting requirements and variables.
3. Save the script. You can rename the script. If you do, use the new name when you specify the script in TPP, as described in step 5.
4. Copy the script to the PDS library specified in the ECIREXX JCL statement of your agent's started task.
5. Specify the script in TPP as follows. For detailed instructions on working with application objects, see the TPP documentation.
   1. Navigate to the application object associated with the certificate for which you want to run the post-implementation script.
   2. In the Post-implementation script name field, specify the name of the script.
   3. (Optional) Add any additional arguments to pass to the script at runtime.
   4. Click Save.
Scripting requirements and variables
For instructions on using the REXX language, see the IBM documentation.
The post-implementation script is subject to the following requirements:
- To retrieve the entry variables, the script must start with a call to the ecentry() function and it must return with a call to the ecreturn() function.
- To write messages to the EC for Venafi log file, you must use the rsvxlog() function, which requires the following parameters:
  - The value that appears in the left-hand column of the log entry
  - The value that appears in the right-hand column of the log entry
- To issue a WTO (write-to-operator message), you must use the rsvxwto() function.
You can use the following variables after the ecentry() call.
Variable | Description |
---|---|
EC_APPTRACE | Indicates if application tracing is active (On/Off) |
EC_ESMTYPE | Security protocol: RACF, TSS, or ACF2 |
EC_GATEWAY | Name of the LPAR where the EC for Venafi gateway is running |
EC_HLQ | High-level qualifier used for the EC for Venafi data set |
EC_REXXTRACE | Indicates if REXX tracing is active (On/Off) |
EC_SYSID | Name of the LPAR where the current agent is running |
EC_SYSPLEX | SYSPLEX name |
EC_TRANID | Transaction ID for this transaction |
EC_TRANSTATE | Transaction state |
TPP_CERTEXPIRY | Expiry date of the certificate |
TPP_CERTLABEL | Certificate label |
TPP_COUNTRY | Country where the certificate was issued |
TPP_KEYINICSF | Indicates if the certificate will be stored in ICSF (true/false) |
TPP_KEYSIZE | Size of the key |
TPP_NUMENDPOINTS | Total number of endpoints sent from TPP |
TPP_OWNERID | Owner ID |
TPP_SITECERTIFICATE | Indicates that the certificate is a site certificate |
TPP_STATE | State or province where the certificate was issued |
TPP_SUBJECTCN | Subject Common Name, using the DNS domain name format |
TPP_SUBJECTL | Subject Locality, being the city or municipality where the certificate was issued |
TPP_SUBJECTO | Subject Organization, being the name of the organization to which the certificate was issued |
TPP_SUBJECTOU | Subject Organizational Unit, being the name of the division or department to which the certificate was issued |
TPP_ENDPOINTS.0 | Number of endpoints (LPARs) processed |
TPP_ENDPOINTS.X.CERTLABEL | Certificate label for endpoint X |
TPP_ENDPOINTS.X.CERTOWNERID | Owner ID for the certificate for endpoint X |
TPP_ENDPOINTS.X.RINGS | Number of key rings for the certificate in TPP for endpoint X |
TPP_ENDPOINTS.X.SITECERTIFICATE | Indicates if this is a site certificate for endpoint X (true/false) |
TPP_ENDPOINTS.X.TARGETENVIRONMENT | The target environment for endpoint X |
TPP_KEYRINGS.0 | Number of key rings provided by TPP |
TPP_KEYRINGS.X.DEFAULTCERT | Indicates if the certificate is the default certificate in the key ring (true/false) |
TPP_KEYRINGS.X.KEYRINGNAME | Key ring name |
TPP_KEYRINGS.X.OWNERID | Owner ID for the key ring |
Sample post-implementation script
/* Rexx */
/*------------------------------------------------------------------*/
/* BMC AMI Enterprise Connector for Venafi */
/* */
/* This is the Venafi-TPP Post Implementation Sample REXX Exit */
/* This Exit can be coded by the customers to run commands after */
/* the Certificate implementation step. */
/* */
/* Please see the EC for Venafi Documentation for more information */
/* */
/* POSTIMPL requires update prior to usage */
/* */
/* (c) BMC Software Ltd. 2020-2025 */
/*------------------------------------------------------------------*/
parse arg arg1, arg2, arg3, arg4, arg5, arg6
/*------------------------------------------------------------------*/
/* Retrieve Script name */
/*------------------------------------------------------------------*/
Parse source . . exec_mem . exec_dsn . . envname .
/*------------------------------------------------------------------*/
/* Retrieve the entry variable making them available for use */
/*------------------------------------------------------------------*/
rc = ecentry()
if rc<>0 then nop /* Can modify if checking for errors */
/*------------------------------------------------------------------*/
/* Issue "Starting" message directly to the EC for Venafi Agent log */
/*------------------------------------------------------------------*/
call rsvxlog '****************', exec_mem 'Exit Started ***************'
/*------------------------------------------------------------------*/
/* Display variable content to the EC for Venafi SYSTSPRT log */
/*------------------------------------------------------------------*/
say ' '
say 'System = 'EC_Sysid
say 'Gateway = 'EC_Gateway
say 'ESM = 'ecesm()
say 'arg1 = 'arg1
say 'arg2 = 'arg2
say 'arg3 = 'arg3
say ' '
call rsvxlog '****************', exec_mem 'Processing ***************'
/*------------------------------------------------------------------*/
/* Issue a valid and authorized z/OS command unconditionally */
/*------------------------------------------------------------------*/
rc = issue_command('D IPLINFO')
if rc<>0 then say 'Command D IPLINFO Failure'
/*----------------------------------------------*/
/* Process/parse response to EC for Venafi Log */
/*----------------------------------------------*/
else
do i=1 to isfulog.0
say isfulog.i
end
/*------------------------------------------------------------------*/
/* Issue a valid and authorized z/OS command conditionally based on */
/* certificate name filtering... */
/* If ???? in the Certificate label, perform logic */
/*------------------------------------------------------------------*/
if pos('????', TPP_CERTLABEL) > 0 then do
rc = issue_command('D XCF')
if rc<>0 then say 'Command D XCF Failure'
/*----------------------------------------------*/
/* Process/parse response to EC for Venafi Log */
/*----------------------------------------------*/
else
do i=1 to isfulog.0
say isfulog.i
end
end
/*------------------------------------------------------------------*/
/* Issue a WTO to z/OS system log from EC for Venafi */
/*------------------------------------------------------------------*/
rc = rsvxwto('ABC1234E Message to trigger automation -'TPP_CERTLABEL)
if rc<>0 then nop /* Can modify if checking for errors */
/*------------------------------------------------------------------*/
/* Issue "Exit End" message directly to the EC for Venafi Agent log */
/*------------------------------------------------------------------*/
call rsvxlog '****************', exec_mem 'Exit Ended ***************'
/*------------------------------------------------------------------*/
/* Cleanup and return to caller */
/*------------------------------------------------------------------*/
rc = ecreturn()
if rc<>0 then nop /* Can modify if checking for errors */
exit 0 /* End here so control does not fall into issue_command */
/*------------------------------------------------------------------*/
/* Sample function to issue z/OS commands from EC for Venafi */
/*------------------------------------------------------------------*/
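issue_command:
arg command
rc = isfcalls('ON')
if rc<>0 then return rc /* SDSF host environment not available */
cmd.0=1;cmd.1=command
Address SDSF ISFSLASH "("cmd.") (WAIT)" /* Wait for response */
cmdrc = rc /* Save the ISFSLASH return code */
rc = isfcalls('OFF')
return cmdrc /* Non-zero lets the caller detect a failure */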
/*------------------------------------------------------------------*/
/* Variables available for processing from within this EXIT */
/* See EC for Venafi DOC for further information on usage */
/*------------------------------------------------------------------*/
/*
Variable Value
_______________________________ ______________________________________________
EC_APPTRACE On/Off Indicates if application tracing is act
EC_ESMTYPE RACF | TSS | ACF2
EC_GATEWAY LPAR name where EC Venafi Gateway is running
EC_HLQ High Level Qualifier used for EC Venafi data set
EC_REXXTRACE On/Off Indicates if REXX tracing is active
EC_SYSID Current Agent LPAR name
EC_SYSPLEX SYSPLEX name
EC_TRANID transaction id for this transaction
EC_TRANSTATE Transaction State
TPP_CERTEXPIRY Expiry date of the certificate
TPP_CERTLABEL SiteCert
TPP_COUNTRY GB
TPP_ENDPOINT 1
TPP_ENDPOINTS.0 3
TPP_ENDPOINTS.x.CERTLABEL Certificate Label for endpoint x
TPP_ENDPOINTS.x.CERTOWNERID Owner ID for this certificate
TPP_ENDPOINTS.x.RINGS Number of keyrings for this certificate in TPP
TPP_ENDPOINTS.x.SITECERTIFICATE true | false
TPP_ENDPOINTS.x.TARGETENVIRONMENT Endpoint target environment
TPP_KEYINICSF false | true Store certificate in ICSF?
TPP_KEYRINGNAME.0 2 Number of Keyrings extracted from TPP_KE
TPP_KEYRINGNAME.1.DEFAULTCERT true Default cert within keyring?
TPP_KEYRINGNAME.1.KEYRINGNAME SCK1 Keyring name
TPP_KEYRINGNAME.1.OWNERID MVSMTT Owner
TPP_KEYRINGNAME.2.DEFAULTCERT true
TPP_KEYRINGNAME.2.KEYRINGNAME SCK2
TPP_KEYRINGNAME.2.OWNERID TSGDM
TPP_KEYRINGS.0 5 Number of keyrings provided by the TPP
TPP_KEYRINGS.1.DEFAULTCERT true
TPP_KEYRINGS.1.KEYRINGNAME SCK1
TPP_KEYRINGS.1.OWNERID MVSMTT
TPP_KEYRINGS.2.DEFAULTCERT true
TPP_KEYRINGS.2.KEYRINGNAME SCK2
TPP_KEYRINGS.2.OWNERID TSGDM
TPP_KEYRINGS.3.DEFAULTCERT true
TPP_KEYRINGS.3.KEYRINGNAME SCK3
TPP_KEYRINGS.3.OWNERID MVSMTT
TPP_KEYRINGS.4.DEFAULTCERT false
TPP_KEYRINGS.4.KEYRINGNAME SCK4
TPP_KEYRINGS.4.OWNERID MVSMTT
TPP_KEYRINGS.5.DEFAULTCERT true
TPP_KEYRINGS.5.KEYRINGNAME SCK5
TPP_KEYRINGS.5.OWNERID MVSMTT
TPP_KEYSIZE 2048 Size of key
TPP_NUMENDPOINTS 3 Total number of endpoints sent from TPP
TPP_OWNERID MVSMTT OwnerID
TPP_SITECERTIFICATE true Site Certificate?
TPP_STATE Berkshire State
TPP_SUBJECTCN test20 Common Name
TPP_SUBJECTL Crowthorne Locality
TPP_SUBJECTO BMC Software Org
TPP_SUBJECTOU IZOT Org Unit
*/
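A hardened variant of the sample's flow, added here as an example and not part of the BMC sample: it validates TPP_CERTLABEL before placing it in a WTO, logs every TPP_KEYRINGS entry, and issues z/OS commands only from an allow-list. The label policy, the allow-list contents, the exit codes, and the name safe_display are assumptions.

```rexx
/* Rexx */
/* Added example (not BMC sample code): validate inputs before use    */
rc = ecentry()                        /* load EC_* and TPP_* variables */
if rc <> 0 then do; say 'ecentry failed rc='rc; exit 8; end
/* Assumed label policy: 1-32 chars from a conservative character set */
okchars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' || ,
          'abcdefghijklmnopqrstuvwxyz0123456789 .-_'
label = strip(TPP_CERTLABEL)
if label = '' | length(label) > 32 | verify(label, okchars) > 0 then do
  call rsvxlog 'POSTIMPL', 'Certificate label failed validation'
  rc = ecreturn()
  exit 8
end
/* Log every key ring; element 0 of the stem holds the count.         */
/* Do not reuse KEYRINGNAME, OWNERID or DEFAULTCERT as variable names: */
/* they are tail names here and would be substituted.                 */
if datatype(TPP_KEYRINGS.0, 'W') then
  do k = 1 to TPP_KEYRINGS.0
    msg = TPP_KEYRINGS.k.OWNERID'/'TPP_KEYRINGS.k.KEYRINGNAME
    call rsvxlog 'KEYRING', msg 'default='TPP_KEYRINGS.k.DEFAULTCERT
  end
rc = safe_display('D IPLINFO')
if rc = 0 then
  do i = 1 to isfulog.0
    say isfulog.i
  end
else call rsvxlog 'POSTIMPL', 'D IPLINFO failed rc='rc
rc = rsvxwto('ABC1234E Message to trigger automation -'label)
rc = ecreturn()
exit 0                       /* stop before the subroutine below */

/* Issue a display command only if it is on the allow-list */
safe_display:
  parse arg command
  command = translate(strip(command))          /* fold to uppercase */
  allowed = 'IPLINFO XCF'                      /* hypothetical allow-list */
  parse var command verb operand rest
  if verb <> 'D' | wordpos(operand, allowed) = 0 | rest <> '' then do
    call rsvxlog 'POSTIMPL', 'Command rejected:' command
    return 12
  end
  if isfcalls('ON') <> 0 then return 16
  cmd.0 = 1; cmd.1 = command
  Address SDSF ISFSLASH "("cmd.") (WAIT)"      /* sets RC */
  cmdrc = rc
  call isfcalls 'OFF'
  return cmdrc
```

Arguments entered in TPP and certificate attributes reach the script as data; keeping them out of command text unless they pass a check like the ones above limits what a changed TPP object can cause the agent to run.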