Supported certificate types
Table 1 lists the types of certificates
that you can request, based on the certificate templates that are
included with PKI Services.
Certificate templates are samples of the most commonly requested certificate
types. You can add, modify, and remove certificate templates to customize
the variety of certificate types you offer to your users.
| Type of certificate | Use |
|---|---|
| One-year PKI SSL browser certificate | End-user client authentication using SSL |
| One-year PKI S/MIME browser certificate | Browser-based email encryption |
| One-year PKI generated key certificate | Generation of public and private keys by PKI Services |
| Two-year EV SSL server certificate | SSL web server certification with verification of the subject’s identity meeting the guidelines for extended validation (EV) certificates. |
| Two-year PKI browser certificate for authenticating to z/OS® | End-user client authorization using SSL when logging on to z/OS |
| Two-year PKI Authenticode - code signing server certificate | Software signing |
| Two-year PKI Windows logon certificate | End-user client authentication for an Active Directory user logging in to a Windows desktop using a smart card |
| Five-year PKI SSL server certificate | SSL web server certification |
| Five-year PKI IPSEC server (firewall) certificate | Firewall server identification and key exchange |
| Five-year PKI intermediate CA server certificate | Subordinate (non-self-signed) certificate authority certification |
| Five-year SCEP certificate | Creation of a preregistration record for certificate requestors.
(Certificate requestors using Simple Certificate Enrollment Protocol (SCEP) must be
preregistered.) Unlike other templates, this template is intended for administration use only. |
| n-year PKI browser certificate for extensions demonstration | Demonstration of all extensions supported by PKI Services |
| One-year SAF browser certificate | End-user client authentication where the security
product (RACF®, not PKI Services) is the
certificate provider Note: The certificate generated by this template
cannot be managed by the PKI Services administrator.
|
| One-year SAF server certificate | Web server SSL certification where the security
product (RACF, not PKI Services) is the
certificate provider Note: The certificate generated by this template
cannot be managed by the PKI Services administrator.
|
Note: You can customize certificate templates to add, modify,
and remove certificate types.