What is PKI Services?

z/OS® Cryptographic Services PKI Services allows you to use z/OS to establish a public key infrastructure (PKI) and serve as a certificate authority for your internal and external users, issuing and administering digital certificates in accordance with your own organization's policies. Your users can use a PKI Services application to request and obtain certificates through their own web browsers, while your authorized PKI administrators approve, modify, or reject these requests through their own web browsers. The web applications provided with PKI Services are highly customizable, and a programming exit is also included for advanced customization. You can allow automatic approval for certificate requests from certain users and, to provide additional authentication, add host IDs, such as RACF® user IDs, to certificates you issue for certain users. You can also issue your own certificates for browsers, servers, and other purposes, such as virtual private network (VPN) devices, smart cards, and secure email.

PKI Services supports Public Key Infrastructure for X.509 version 3 (PKIX) and Common Data Security Architecture (CDSA) cryptographic standards. It also supports the following functions:
  • The delivery of certificates through the Secure Sockets Layer (SSL) for use with applications that are accessed from a web browser or web server.
  • The delivery of certificates that support the Internet Protocol Security standard (IPsec) for use with secure VPN applications or IPsec-enabled devices.
  • The delivery of certificates that support Secure Multipurpose Internet Mail Extensions (S/MIME), for use with secure email applications.