This topic describes the configuration required to allow your z/OS® installations to participate in the IdenTrust infrastructure. By performing the task described here, you can configure z/OS Cryptographic Services PKI Services to operate as an IdenTrust compliant certificate authority (CA). This allows you to use z/OS to manage the life cycle of digital certificates on behalf of your organization and in accordance with your security policy. You can then issue and revoke digital certificates as needed.

This topic contains an overview, a task roadmap, a set of procedures you need to perform, and a set of code samples that you can customize as you complete the procedures.

z/OS Cryptographic Services PKI Services is the component of the IBM® z/OS operating system that provides support for the Public Key Infrastructure (PKI) infrastructure. Beginning with z/OS Version 1 Release 5, PKI Services was certified at the IdenTrust 3.1 specification level as an IdenTrust compliant CA software program.

For more overview information about z/OS support for IdenTrust, see http://www.ibm.com/servers/eserver/zseries/security/identrus/.