System Security Applications

The following table describes some system security applications available for generating certificates. Review the documentation for your security application for detailed instructions for generating certificates. See Certificate Parameter Definitions, for more information on creating certificates using these tools.

Certificate Tool Description
gskkyman IBM® utility for creating and managing digital certificates and public and private keys stored in a key database. Files created using the gskkyman utility have the following default names:
  • key.kdb = private key file
  • certreq.arm = Certificate Signing Request (CSR) file
  • cert.arm = public key file

The gskkyman utility loads currently available CA certificates to the key database.

Resource Access Control Facility (RACF) An IBM application that provides access control by identifying users to the system; verifying users of the system; authorizing access to protected resources; logging detected, unauthorized attempts to enter the system; and logging detected accesses to protected resources. The RACF utility can be used to create, store, and manage keys, digital self-signed or CA-signed certificates, and key rings. Because the RACF application can manage multiple key rings, certificates and key rings are added to the RACF database independently and then a certificate is associated with one or more key rings. For example, you can add the CA public key to your database and associate the certificates of your trading partners created by that CA with its public key.

The RACF utility does not assign default names to the files you generate with it.

Computer Associates Access Control Facility (CA-ACF2) Security application, similar to the RACF application, that enables you to authenticate users and to protect a variety of z/OS® resources. You can generate, administer, and process certificate requests, export keys, and manage key rings.

The CA-ACF2 application does not assign default names to the files you generate with it.

CA-Top Secret Security application, similar to the RACF application, that protects your mainframe computer systems and data by controlling access to resources and enables you to generate, administer, and process certificate requests, export keys, and manage key rings.

The CA-Top Secret application does not assign default names to the files you generate with it.