z/OS Cryptographic Services PKI Services Guide and Reference
Previous topic | Next topic | Contents | Contact z/OS | Library | PDF


Setting up PKI Services to create private keys for CMP clients

z/OS Cryptographic Services PKI Services Guide and Reference
SA23-2286-00

PKI Services can create private keys for CMP clients and return a private key with a certificate. It uses the PKCS #11 API provided by ICSF to create private keys. Note, however, that PKI Services does not archive the private keys in the ICSF token data set (TKDS), as it does for private keys that it creates for certificate requests it receives from the end-user Web application. To allow PKI Services to create private keys, you must ensure that the ICSF programmer has installed and configured ICSF, and has set up the TKDS. For more information, see Installing and configuring ICSF (optional).
Note: You do not need to perform any of the other tasks described in Steps for setting up PKI Services to generate keys for certificate requests, such as setting the TokenName parameter in the configuration file, to allow the PKI Services CMP CGI program to generate private keys for CMP clients. Those tasks apply only to private key generation done by the PKI Services daemon, for certificates requested via the PKI Services Web application.
Parent topic: Setting up PKI Services to process CMP requests

Go to the previous page Go to the next page

Notices | Terms of use | Support | Contact z/OS | zFavorites



Copyright IBM Corporation 1990, 2014