z/OS Cryptographic Services PKI Services Guide and Reference
Previous topic | Next topic | Contents | Contact z/OS | Library | PDF


Configuring the UNIX runtime environment

z/OS Cryptographic Services PKI Services Guide and Reference
SA23-2286-00

You need to perform all of the tasks in this topic if you are configuring PKI Services for the first time. If you have already configured PKI Services for an earlier release, you might need to perform some of the tasks in this topic if you are adding support for a function.

After the RACF® administrator performs the tasks necessary to set up PKI Services, the UNIX programmer needs to perform the following tasks:

  • If necessary, copy files.
  • If necessary, update the environment variables file.
  • If necessary, update the configuration file.
  • If configuring PKI Services for the first time or adding a new CA domain, set up the /var/pkiserv directory.

The following table summarizes information about copying and updating files. To view the contents of any of these files, see Other code samples.

Table 1. Deciding which files to copy and change
File Purpose Need to copy? Need to change?
expiringmsg.form The form for an e-mail sent to a user when a certificate is going to expire. Only if your company sends an e-mail notification to a user about a certificate that is going to expire Guideline: Make no changes to this file until later. See Customizing e-mail notifications sent to users for details about making changes.
pendingmsg.form The form for an e-mail sent to an administrator when requests are pending approval Only if your company sends an e-mail notification to an administrator about requests that are pending approval Guideline: Make no changes to this file until later. See Customizing e-mail notifications sent to users for details about making changes.
pkiserv.conf Configuration file. Contains various settings and values PKI Services needs. Only if you are configuring PKI Services for the first time.

The UNIX programmer might need to change the LDAP section of this file. Guideline: Do not change it now but change it later when you perform Steps for tailoring the LDAP section of the configuration file.

The UNIX programmer might need to update the non-LDAP section of the pkiserv.conf configuration file when you add support for a function. For more information, see Optionally updating the pkiserv.conf configuration file.
pkiserv.envars The environment variables file.

Only if you are configuring PKI Services for the first time and the file needs changes.

 UNIX programmer might have to update this file. See Optionally updating PKI Services environment variables.
pkiserv.tmpl The certificate templates file used with REXX CGI execs. It contains HTML-style code that builds the Web pages underlying certificate requests. Only if you are configuring PKI Services for the first time and using the REXX CGI execs to implement the PKI Services Web application. Guideline: Make no changes to this file until later. See Customizing the end-user Web application if you use REXX CGI execs for details about making changes.
PKIServ.xsd The XML schema that defines the syntax of the XML certificate templates file pkitmpl.xml. Only if you are configuring PKI Services for the first time and using the Java™ server pages (JSPs) to implement the PKI Services Web application. Rule: Do not make changes to this file.
pkitmpl.xml The certificate templates file used with Java server pages (JSPs). It defines applications and certificates in XML. Only if you are configuring PKI Services for the first time and using the JSPs to implement the PKI Services Web application. Guideline: Make no changes to this file until later. See Implementing the Web application using Java server pages for details about making changes.
readymsg.form The form for an e-mail sent to a user when the PKI Services administrator has approved a certificate request and the certificate is ready for retrieval. Only if your company sends an e-mail notification to a user after the PKI Services administrator has approved a certificate request and the certificate is ready for retrieval. Guideline: Make no changes to this file until later. See Customizing e-mail notifications sent to users for details about making changes.
rejectmsg.form The form for an e-mail sent to a user when the PKI Services administrator has rejected a certificate request. Only if your company sends an e-mail notification to a user after the PKI Services administrator has rejected a certificate request. Guideline: Make no changes to this file until later. See Customizing e-mail notifications sent to users for details about making changes.
renewcertmsg.form The form for an e-mail sent to a user when PKI Services has automatically renewed an expiring certificate. Only if your company enables automatic renewal of certificates. Guideline: Make no changes to this file until later. See Customizing e-mail notifications sent to users for details about making changes.
recoverymsg.form The form for an e-mail sent to a user who has requested that PKI Services recover a certificate for which PKI Services generated the key pair. Only if your company allows users to request that PKI Services generate key pairs for certificate requests. Guideline: Make no changes to this file until later. See Customizing e-mail notifications sent to users for details about making changes.
Parent topic: Configuring your system for PKI Services

Go to the previous page Go to the next page

Notices | Terms of use | Support | Contact z/OS | zFavorites



Copyright IBM Corporation 1990, 2014