Allowing PKI Services to generate key pairs for certificate requests

You can choose to allow PKI Services to generate key pairs (public and private key) for certificate requests. The PKI Services daemon does this using the PKCS #11 API provided by ICSF. Set up profiles in the CRYPTOZ class to allow the PKI Services daemon to use the PKCS #11 API:
  • Activate the CRYPTOZ class.
  • Define the profile SO.daemon_id.* in the CRYPTOZ class.
  • Give the daemon user ID UPDATE access to the profile
  • Define the profile USER.daemon_id.* in the CRYPTOZ class.
  • Give the daemon user ID CONTROL access to the profile.
Parent topic: Actions IKYSETUP performs by issuing RACF commands