System Security Applications
The following table describes some system security applications available for generating certificates. Review the documentation for your security application for detailed instructions for generating certificates. See Certificate Parameter Definitions, for more information on creating certificates using these tools.
Certificate Tool | Description |
---|---|
gskkyman | IBM® utility
for creating and managing digital certificates and public and private
keys stored in a key database. Files created using the gskkyman utility
have the following default names:
The gskkyman utility loads currently available CA certificates to the key database. |
Resource Access Control Facility (RACF) | An IBM application
that provides access control by identifying users to the system; verifying
users of the system; authorizing access to protected resources; logging
detected, unauthorized attempts to enter the system; and logging detected
accesses to protected resources. The RACF utility
can be used to create, store, and manage keys, digital self-signed
or CA-signed certificates, and key rings. Because the RACF application can manage multiple key rings,
certificates and key rings are added to the RACF database independently and then a certificate
is associated with one or more key rings. For example, you can add
the CA public key to your database and associate the certificates
of your trading partners created by that CA with its public key. The RACF utility does not assign default names to the files you generate with it. |
Computer Associates Access Control Facility (CA-ACF2) | Security application, similar to the RACF application, that enables you to authenticate
users and to protect a variety of z/OS® resources.
You can generate, administer, and process certificate requests, export
keys, and manage key rings. The CA-ACF2 application does not assign default names to the files you generate with it. |
CA-Top Secret | Security application, similar to the RACF application, that protects your mainframe
computer systems and data by controlling access to resources and enables
you to generate, administer, and process certificate requests, export
keys, and manage key rings. The CA-Top Secret application does not assign default names to the files you generate with it. |