PKI Services provides a certificate authority for the z/OS environment and enables you to issue and administer digital certificates, so that you do not have to purchase them from an external certificate authority. This information discusses the following topics:

• Procedures for setting up PKI Services on the z/OS platform.
• Using the PKI Services administration and user Web pages. With these Web pages, you can easily issue digital certificates to trusted parties and control whether or not a certificate is renewed or revoked.
• Guidelines to help you plan for PKI Services, such as how to integrate PKI Services components with other products installed at your site.

This information should be used by those who plan, install, customize, administer, and use PKI Services. It should also be used by those who install, configure, or provide support in the following areas:

• Lightweight Directory Access Protocol (LDAP)
• Open Cryptographic Services Facility (OCSF)
• Resource Access Control Facility (RACF)
• z/OS
• IBM HTTP Server
• z/OS UNIX System Services
• (optional) Integrated Cryptographic Service Facility (ICSF)
• (optional) Open Cryptographic Enhanced Plug-ins (OCEP)
• (optional) z/OS® Communications Server's sendmail utility

This information assumes that you have experience with installing and configuring products in a network environment. You should be knowledgeable about the following concepts and protocols:

• Hardware installation and configuration
• Internet communications protocols, in particular Transmission Control Protocol/Internet Protocol (TCP/IP) and Secure Sockets Layer (SSL)
• Public key infrastructure (PKI) technology, including directory schemas, the X.509 version 3 standard, and the Lightweight Directory Access Protocol (LDAP)