z/OS Cryptographic Services PKI Services Guide and Reference
Previous topic | Next topic | Contents | Contact z/OS | Library | PDF


Deciding the value of key_backup

z/OS Cryptographic Services PKI Services Guide and Reference
SA23-2286-00

Use the following decision table to determine the value of key_backup in Table 1. The key_backup variable determines whether the PKI Services CA certificate and private key should be backed up to an encrypted data set.
Table 1. Decision table for key_backup
If … Then … Notes
You want to back up your CA's certificate and private key to a passphrase encrypted data set … Do not change the default key_backup=1

When you use IKYSETUP, you need to enter a passphrase whose display is not inhibited, it appears on the screen in the clear.

You cannot back up PCICC keys (key_type=2) and hardware ECC keys (key_type=6 or key_type=7).
You do not want to back up your CA's certificate and private key to a passphrase encrypted data set … Set key_backup=0 — 
Parent topic: Variables whose values might change depending on setup

Go to the previous page Go to the next page

Notices | Terms of use | Support | Contact z/OS | zFavorites



Copyright IBM Corporation 1990, 2014