ca_dn |
The CA's distinguished name. (For a definition of distinguished name, see Table 1.)
If you already have your CA certificate and private key set up in RACF®, set ca_dn="",
set ca_label (in the following row) to the value of your CA's label, and update
ca_expires (in Table 1) to reflect the expiration date of your CA certificate.
If you do not already have your CA certificate and private key set up in RACF, cross out
the default in the rightmost cell of this row and record your company-specific
distinguished name information on the blank line.
|
The suffix of the PKI Services CA's distinguished name must match the LDAP suffix.
(The LDAP suffix is in the LDAP server configuration file. See Table 1 for a definition of suffix.)
Note: Do not specify a C('value') if it is not present in your LDAP suffix.
|
When you also set ca_domain: OU('ca_domain Human Resources Certificate Authority')
When you do not set ca_domain: OU('Human Resources Certificate Authority')
O('Your Company')
C('Your Country 2 Letter Abbreviation')
__________________________________
|
ca_label |
The CA certificate label. If you already
have your CA certificate and private key set up in RACF (and your CA certificate's label differs
from the default), you need to set ca_label to your
CA certificate's label. |
No |
When you also set ca_domain: ca_domain Local PKI CA
When you do not set ca_domain: Local PKI CA
(Replace the default if you already have your CA certificate and private key set up in RACF.)
__________________________________
|
daemon_uid |
The z/OS UNIX user identifier (UID) associated with the PKI Services daemon user
ID. |
No |
554 __________________________________
|
pki_gid |
The z/OS UNIX group identifier
(GID) for the PKI Services administration
group. |
No |
655 __________________________________
|
pkigroup_mem. |
Members of the PKI administration group are responsible for administering PKI Services functions.
Guideline: Assign PKI administration duties only to highly trusted individuals.
pkigroup_mem. is a list in which pkigroup_mem.0 is the number of members in the list
and the remaining entries are their user IDs. You must change pkigroup_mem.0 to at least 1,
and change pkigroup_mem.1 through pkigroup_mem.n to the member user IDs.
|
No |
0 (default for pkigroup_mem.0, the number of member user IDs) __________________________________
Note: You must change the default to at least 1.
(Record the member IDs:)
__________________________________
__________________________________
__________________________________
__________________________________
__________________________________
|
ra_dn |
The RA's distinguished name for use with Simple Certificate Enrollment Protocol (SCEP). (For a
definition of distinguished name, see Table 1.) This name should be
similar but not identical to your CA's distinguished name. If you
do not wish to have PKI Services operate
with a separate RA certificate, set ra_dn="".
|
No
|
CN('Registration Authority')
OU('Human Resources Certificate Authority')
O('Your Company')
C('Your Country 2 Letter Abbreviation')
__________________________________
|
ra_label |
The certificate label of your RA certificate
in RACF. |
No |
When you also set ca_domain: ca_domain Local PKI RA
When you do not set ca_domain: Local PKI RA
__________________________________
|
surrog_uid |
The UID associated with the surrogate user
ID. |
No |
555 __________________________________
|
web_dn |
Your Web server's distinguished name. (For a definition of distinguished name, see Table 1.)
Note:
- The RACF administrator copies the fully qualified domain name from an earlier table: Table 1.
- If you already have your Web server configured for SSL:
  - Set web_dn=""
  - Update the web_ring row. (You need to connect your PKI Services CA certificate
    to your key ring. See the web_ring row for directions.)
|
The value of the Web server's common name (CN), which is your server's symbolic IP address
(for example, www.YourCompany.com), must match your Web server's fully qualified domain name. |
CN('www.YourCompany.com')
O('Your Company')
L('Your City')
SP('Your Full State or Province Name')
C('Your Country 2 Letter Abbreviation')
__________________________________
|
web_ring |
The name of the Web server's SAF key ring. If
your Web server is configured for SSL and you are using a RACF key ring, set web_ring to
the value of the RACF key ring.
If your Web server is configured for SSL and you are using gskkyman,
set web_ring="" and see Using a gskkyman key database for
additional directions.
|
httpd*.conf KeyFile directive |
SSLring
__________________________________
|
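The matching rules in the rows above can be checked before the recorded values are used. The following is an added example, not part of the IBM documentation or of PKI Services; the function names, the dictionary layout for the worksheet, and the sample values are assumptions made for illustration.

```python
import re

# RACF-style DN as written on the worksheet: KEYWORD('value') pairs.
_RDN = re.compile(r"([A-Za-z]+)\('([^']*)'\)")

def parse_racf_dn(dn):
    """Return [(attr, value)] lowercased for comparison, in written order."""
    return [(k.lower(), v.strip().lower()) for k, v in _RDN.findall(dn)]

def parse_ldap_suffix(suffix):
    """Parse 'o=Your Company,c=US' (assumes no escaped commas)."""
    pairs = []
    for rdn in suffix.split(","):
        attr, _, value = rdn.partition("=")
        pairs.append((attr.strip().lower(), value.strip().lower()))
    return pairs

def check_worksheet(ws, ldap_suffix, web_fqdn):
    """Return a list of rule violations found in the recorded values."""
    problems = []
    ca = parse_racf_dn(ws["ca_dn"])
    suffix = parse_ldap_suffix(ldap_suffix)
    # ca_dn="" means an existing CA certificate in RACF is reused; skip then.
    if ws["ca_dn"] and ca[-len(suffix):] != suffix:
        problems.append("ca_dn suffix does not match the LDAP suffix")
    # ra_dn="" means no separate RA certificate.
    if ws["ra_dn"] and parse_racf_dn(ws["ra_dn"]) == ca:
        problems.append("ra_dn is identical to ca_dn")
    # web_dn="" means the Web server is already configured for SSL.
    if ws["web_dn"]:
        cn = dict(parse_racf_dn(ws["web_dn"])).get("cn")
        if cn != web_fqdn.lower():
            problems.append("web_dn CN does not match the web server FQDN")
    members = ws["pkigroup_mem"]          # assumed layout: {0: count, 1: id, ..., n: id}
    count = members.get(0, 0)
    if count < 1:
        problems.append("pkigroup_mem.0 must be at least 1")
    elif any(not members.get(i) for i in range(1, count + 1)):
        problems.append("pkigroup_mem.1..n missing a member user ID")
    return problems

# Constructed sample values (not from a real system); pkigroup_mem left at its default.
SAMPLE = {
    "ca_dn": "OU('Human Resources Certificate Authority') O('Your Company') C('US')",
    "ra_dn": "CN('Registration Authority') OU('Human Resources Certificate Authority') O('Your Company') C('US')",
    "web_dn": "CN('www.YourCompany.com') O('Your Company') L('Your City') SP('Your State') C('US')",
    "pkigroup_mem": {0: 0},
}
```

With an LDAP suffix of `o=Your Company` (no country), the same `ca_dn` is flagged because it ends in a C('value') that the suffix does not contain.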