Allowing PKI Services to generate key pairs for certificate requests
You can choose to allow PKI Services to generate key pairs (a public
and a private key) for certificate requests. The PKI Services daemon
does this using the PKCS #11 API provided by ICSF. To allow the PKI
Services daemon to use the PKCS #11 API, set up profiles in the
CRYPTOZ class:
- Activate the CRYPTOZ class.
- Define the profile SO.daemon_id.* in the CRYPTOZ class.
- Give the daemon user ID UPDATE access to the profile.
- Define the profile USER.daemon_id.* in the CRYPTOZ class.
- Give the daemon user ID CONTROL access to the profile.
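
The five steps above as RACF commands, wrapped in a REXX exec that reports any nonzero return code. This is an added example, not IBM-supplied code. It assumes the daemon user ID is PKISRVD, and the UACC(NONE), GENERIC(CRYPTOZ), RACLIST refresh and RLIST verification operands are additions that the steps above do not list.

```rexx
/* REXX - added example, not IBM-supplied code.                       */
/* Assumption: the PKI Services daemon user ID is PKISRVD; change it. */
daemon = 'PKISRVD'
failed = 0

/* Step 1: activate the class. GENERIC is added here because the      */
/* profiles below end in .* and are therefore generic profiles.       */
call racf 'SETROPTS CLASSACT(CRYPTOZ) GENERIC(CRYPTOZ)'

/* Steps 2-3: SO profile, daemon gets UPDATE. UACC(NONE) is an added  */
/* choice so that no other user gets access by default.               */
call racf 'RDEFINE CRYPTOZ SO.'daemon'.* UACC(NONE)'
call racf 'PERMIT SO.'daemon'.* CLASS(CRYPTOZ) ID('daemon') ACCESS(UPDATE)'

/* Steps 4-5: USER profile, daemon gets CONTROL.                      */
call racf 'RDEFINE CRYPTOZ USER.'daemon'.* UACC(NONE)'
call racf 'PERMIT USER.'daemon'.* CLASS(CRYPTOZ) ID('daemon') ACCESS(CONTROL)'

/* Added step: if CRYPTOZ is RACLISTed on this system, refresh the    */
/* in-storage profiles so the changes take effect.                    */
call racf 'SETROPTS RACLIST(CRYPTOZ) REFRESH'

/* Added check: list each profile's access list. Only the daemon      */
/* user ID should appear, with UPDATE on SO and CONTROL on USER.      */
call racf 'RLIST CRYPTOZ SO.'daemon'.* AUTHUSER'
call racf 'RLIST CRYPTOZ USER.'daemon'.* AUTHUSER'

exit failed

/* Run one TSO command, echo it, and remember the highest nonzero RC. */
racf: procedure expose failed
  parse arg cmd
  say '>>' cmd
  address TSO cmd
  if rc <> 0 then do
    say '   RC='rc
    failed = max(failed, rc)
  end
  return
```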