Previous topic |
Next topic |
Contents |
Contact z/OS |
Library |
PDF
Setting up PKI Services to create private keys for CMP clients z/OS Cryptographic Services PKI Services Guide and Reference SA23-2286-00 |
|
PKI Services can create private keys for CMP clients and return
a private key with a certificate. It uses the PKCS #11 API provided
by ICSF to create private keys. Note, however, that PKI Services does
not archive the private keys in the ICSF token data set (TKDS), as
it does for private keys that it creates for certificate requests
it receives from the end-user Web application. To allow PKI
Services to create private keys, you must ensure that the ICSF programmer
has installed and configured ICSF, and has set up the TKDS. For more
information, see Installing and configuring ICSF (optional).
Note: You do not
need to perform any of the other tasks described in Steps for setting up PKI Services to generate keys for certificate requests, such as setting the TokenName parameter
in the configuration file, to allow the PKI Services CMP CGI program
to generate private keys for CMP clients. Those tasks apply only to
private key generation done by the PKI Services daemon, for certificates
requested via the PKI Services Web application.
|
Copyright IBM Corporation 1990, 2014
|