Setting asymmetric master keys for the first time in a sysplex
environment can be accomplished using either master key entry or
pass phrase initialization.

Before setting asymmetric master keys for the first time in a sysplex
environment, you will need to allocate an empty PKDS. For information
about defining a PKDS, see z/OS Cryptographic Services ICSF System Programmer's Guide.

Once you have allocated an empty PKDS, all LPARs that will share
this PKDS must update their ICSF options data set to use this PKDS
as their active PKDS. On the first LPAR that starts ICSF, you will
load the asymmetric master keys, initialize the PKDS, and set the
asymmetric master keys. On all other LPARs that will share the same
active PKDS, you will only load the same master keys, and then set
the master key. You should only initialize the PKDS once from the
first LPAR that started ICSF.

- Using master key entry
  Master key entry may be used to set master keys in a sysplex environment.
- Using pass phrase initialization
  The pass phrase initialization utility can be used to set master
  keys and initialize the CKDS and PKDS in a sysplex environment.
  - Start ICSF in the first LPAR and follow the instructions in Using the pass phrase initialization utility.
  - Once the first LPAR has been successfully initialized, start ICSF
    in the other LPARs that are sharing the same active PKDS.
  - From each LPAR that is sharing the same active PKDS, go to the
    Pass Phrase Initialization panel, and:
    - Enter the same pass phrase as entered on the first LPAR.
    - Select 'Reinitialize System'.
    - Enter the same CKDS name and PKDS name as entered on the first
      LPAR.

    These steps will load and set the same master keys as in the
    first LPAR and activate the same PKDS.