z/OS Cryptographic Services PKI Services Guide and Reference
Previous topic | Next topic | Contents | Contact z/OS | Library | PDF


Supported certificate fields and extensions

z/OS Cryptographic Services PKI Services Guide and Reference
SA23-2286-00

PKI Services certificates support most of the fields and extensions defined in the X.509 version 3 (X.509v3) standard. This support lets you use these certificates for most cryptographic purposes, such as SSL, IPSEC, VPN, and S/MIME.

PKI Services supports Basic Latin and Latin-1 supplement characters in the Subject Distinguished Name, Issuer Distinguished Name and Othername in Subject Alternate Name.

PKI Services certificates can include the following types of extensions:
Standard extensions
The standard X.509v3 certificate extensions:
  • authority information access
  • authority key identifier
  • basic constraints
  • certificate policies
  • certificate revocation list (CRL) distribution points
  • extended key usage
  • key usage
  • subject alternate name
  • subject key identifier
Other extensions
Extensions that are unique to PKI Services, such as host identity mapping. This extension associates the subject of a certificate with a corresponding identity on a host system, such as with a RACF® user ID.

To support your organization's policies, PKI Services provides the means for you to select and customize the supported certificate extensions. For example, you can change the extensions that are specified in the default certificate templates or create templates that return certificates with different extensions. In addition, you can include your own extensions in your certificates by defining custom extensions.

Parent topic: Introducing PKI Services

Go to the previous page Go to the next page

Notices | Terms of use | Support | Contact z/OS | zFavorites



Copyright IBM Corporation 1990, 2014