| File name | Release | Description | Reason for change |
|---|---|---|---|
businesscat.jsp |
z/OS® V2R1 | New: The HTML and JavaScript for defining the Businesscat, Jurcountry, Jurlocality, and Jurstateprov fields. | Support for Extended Validation (EV) certificates |
| altdomain.jsp, altipaddr.jsp, alturi.jsp, altemail.jsp | z/OS V1R12 | Updated: Allow repeatable AltDomain, AltIPAddr, AltURI, and AltEmail fields. | Multiple instances of name forms in Subject Alternate Name extension |
| cagetcert.rexx, cagetcert2.rexx | z/OS V2R1 | Updated: cagetcert.rexx was split in 2. The new CGI is cagetcert2.rexx, which is used to return a PKCS #12 package. | Support for HTTP Server V7.0 |
| carecover.rexx | z/OS V2R1 | New: Displays a new web page to recover a certificate. | Release update |
| CustomExt.jsp | z/OS V1R12 | New: The HTML and JavaScript for defining custom certificate extensions. | Custom certificate extensions |
| httpd.conf | z/OS V2R1 | New: The main configuration file for HTTP Server V7.0. | Support for HTTP Server V7.0 |
| httpd.conf | z/OS V1R13 | Updated: Added 2 new Pass statements for the PKIXEnroll and PKICEnroll ActiveX installation programs. | Ensure that renewal of certificates works with Internet Explorer on Microsoft Windows systems |
| httpd2.conf | z/OS V1R13 | Updated: Added two new Pass and two new Protect statements for the PKIXEnroll and PKICEnroll ActiveX installation programs. | Ensure that renewal of certificates works with Internet Explorer on Microsoft Windows systems |
| installcert.jsp | z/OS V1R13 | New: Allows a user to install an automatically renewed certificate with the Internet Explorer browser. | Ensure that renewal of certificates works with Internet Explorer on Microsoft Windows systems |
| pkiexit.c | z/OS V1R12 | Updated:
|
Release update |
| pkiserv.conf | z/OS V2R1 | Updated: Added new OIDs for BUSINESSCATEGORY, JURISDICTIONCOUNTRY, JURISDICTIONSTATEPROV, and JURISTDICTIONLOCALITY | Support for Extended Validation (EV) certificates |
| z/OS V2R1 | Updated: Added a keyword SecureKey that allows PKI Services to generate secure keys in the token data set (TKDS) instead of clear keys. | Enterprise PKCS #11 secure key support | |
| z/OS V2R1 | Updated: Added a keyword, AdminGranularControl, that determines whether granular control of administration functions is in effect | Granular control of administration functions | |
| z/OS V2R1 | Updated: Added a keyword CRLWTONotification to specify whether a console message is issued when CRL processing is complete. | CRL notification | |
| z/OS V2R1 | Updated: Added a keyword EnablePathLenConstraint to specify whether certificate path length constraint is enforced by the CA | Path length constraint | |
| z/OS V2R1 | Updated: The keywords Policy1Org, Policy1Notice1, and Policy1Notice2 are now commented out, and are not created by default. | CertificatePolicies extension | |
| z/OS V2R1 | Updated: Added a keyword PathLength to specify the path length constraint value to be included in the basic constraints extension of intermediate CA certificates that are created by the CA. | Path length constraint | |
| z/OS V2R1 | Updated: Added a keyword UseBinaryAttr1 to specify whether the CA posts certificates and CRLs to the LDAP server with the binary attribute. | Conformance with RFC 4523 | |
| z/OS V1R13 | Updated: Added a keyword to specify whether the repository for the object store and issued certificate list (ICL) is DB2 or VSAM. Added new keywords to specify the DB2 subsystem and package name if the repository is DB2. | DB2 repository for object store and issued certificate list (ICL) | |
| z/OS V1R13 | Updated: Renamed the SharedVSAM keyword to SharedPLEX. It now applies to both VSAM and DB2 repositories. | DB2 repository for object store and issued certificate list (ICL) | |
| z/OS V1R13 | Updated: Added a keyword to indicate whether posting of large CRLs is enabled, and a keyword to specify the directory where CRLs are saved before they are posted to LDAP | Support for large CRLs | |
| pkiserv.conf (continued) | z/OS V1R12 | Updated: Added a keyword to indicate whether certificates generated by PKI Services are constrained within the CA certificate's life time. | Release update |
| z/OS V1R12 | Updated: Added a keyword that specifies the days on which the daily maintenance task is to run. | Release update | |
| z/OS V1R12 | Updated: Added a keyword that specifies the time at which the daily maintenance task is to run. | Release update | |
| z/OS V1R12 | Updated: Added a keyword that specifies whether the daily maintenance task runs during PKI Services startup. | Release update | |
| z/OS V1R12 | Updated: Added new signature algorithm OIDs for elliptic curve cryptography (ECC) algorithms. | Support for elliptic curve cryptography (ECC) | |
| z/OS V1R12 | Updated: Added new signature algorithm OIDs for SHA224, SHA384, and SHA512 with RSA encryption. | Release update | |
| z/OS V1R12 | Updated: Changed the default signature algorithm to SHA256 with RSA encryption. | Release update | |
| z/OS V1R12 | Updated: Added a keyword that specifies whether support for certificate management protocol (CMP) messages is enabled. | Support for certificate management protocol (CMP) | |
| pkiserv.envars | z/OS V1R12 | Updated: Changed the default for the PATH variable to /bin. | Release update |
| pkiserv.tmpl | z/OS V2R1 | Updated: Added the template "2-Year EV SSL Server Certificate". | Support for Extended Validation (EV) certificates |
| z/OS V2R1 | Updated: Added 4 INSERTs: BusinessCat, JurLocality, JurStateProv, and JurCountry. | Support for Extended Validation (EV) certificates | |
| z/OS V2R1 | Updated: A new RECOVERCONTENT subsection was added to recover a previously issued certificate whose key was generated by PKI Services. | Release update | |
| z/OS V2R1 | Updated: Points to the new cagetcert2.rexx instead of cagetcert.rexx in the action URLs for the recovery form and retrieval form that is used for returning a PKCS #12 package on the Customer Application section and the 1-Year PKI Generated Key certificate template. | Support for HTTP Server V7.0 | |
| z/OS V1R13 | Updated: In the Customers application, added a link on the Customers Certificate Generation Application web page to install the PKI Services ActiveX control, and added code to determine which ActiveX control to install. On the Customers Renew or Revoke a Browser Certificate web page, added code to prompt the user to load the ActiveX control if it is not already installed and CAPICOM is not installed. | Ensure that renewal of certificates works with Internet Explorer on Microsoft Windows systems | |
| z/OS V1R13 | Updated: The RenewKeySetIE INSERT calls the new ActiveX control, and if it is not installed, calls CAPICOM. If neither is installed, the user is prompted to install the ActiveX control. | Ensure that renewal of certificates works with Internet Explorer on Microsoft Windows systems | |
| z/OS V1R13 | Updated: The Two-year PKI Windows logon certificate supports requests from Mozilla-based browsers. | Allow Mozilla-based browsers to support smart cards to generate certificates | |
| z/OS V1R12 | Updated: The KeySize INSERT was updated to combine key size and key algorithm. The 1-Year PKI Generated Key template was updated to demonstrate the use of the new INSERT. | Support for elliptic curve cryptography (ECC) | |
| z/OS V1R12 | Updated: A new CustomExt INSERT was added for defining custom certificate extensions. The n-year PKI browser certificate was updated to demonstrate the CustomExt INSERT. | Custom certificate extensions | |
| z/OS V1R12 | Updated: Allow repeatable AltDomain, AltIPAddr, AltURI, and AltEmail INSERTs. | Multiple instances of name forms in Subject Alternate Name extension | |
| PKIServ.xsd | z/OS V1R13 | Updated: Added PKIXEnroll and PKICEnroll ActiveX Install Tags. | Ensure that renewal of certificates works with Internet Explorer on Microsoft Windows systems |
| z/OS V1R12 | Updated: Added a Custom Extension tag. | Custom certificate extensions | |
| z/OS V1R12 | Updated: Changed the maxOccurs attribute for certificate template elements CustomExt, AltIPAddr, AltEmail, AltURI, AltDomain from "1" to "unbounded". | Release update | |
| pkitmpl.xml | z/OS V2R1 | Updated: Added the template "2-Year EV SSL Server Certificate". | Support for Extended Validation (EV) certificates |
| z/OS V1R13 | Updated: Added tags for the PKIXEnroll and PKICEnroll ActiveX URLs for installation programs, and updated the CA certificate URL tag to include additional URL elements. | Ensure that renewal of certificates works with Internet Explorer on Microsoft Windows systems | |
| z/OS V1R12 | Updated: The 1-Year PKI generated key certificate request was updated to demonstrate the use of the new JSP. | Support for elliptic curve cryptography (ECC) | |
| z/OS V1R12 | Updated: The n-year PKI browser certificate was updated to demonstrate the use of CustomExt.jsp. | Custom certificate extensions | |
| qrecover.jsp | z/OS V2R1 | New: Displays a new web page to recover a certificate. | Release update |
| renewheader.jsp | z/OS V1R13 | Updated: Added script to determine which ActiveX control to load. | Ensure that renewal of certificates works with Internet Explorer on Microsoft Windows systems |
| renewkeyset.jsp | z/OS V1R13 | Updated: Calls the new ActiveX control, and if it is not installed, calls CAPICOM. If neither is installed, the user is prompted to install the ActiveX control. | Ensure that renewal of certificates works with Internet Explorer on Microsoft Windows systems |
| vhost80.conf | z/OS V2R1 | New: The configuration file for non-SSL processing for HTTP Server V7.0. | Support for HTTP Server V7.0 |
| vhost443.conf | z/OS V2R1 | New: The configuration file for server authentication in SSL processing for HTTP Server V7.0. | Support for HTTP Server V7.0 |
| vhost1443.conf | z/OS V2R1 | New: The configuration file for client authentication in SSL processing for HTTP Server V7.0, | Support for HTTP Server V7.0 |