z/OS Cryptographic Services System SSL Programming
Previous topic | Next topic | Contents | Contact z/OS | Library | PDF


Copying a certificate and its private key from a z/OS PKCS #11 token on the same system

z/OS Cryptographic Services System SSL Programming
SC14-7495-00

To copy a certificate and its private key from a z/OS® PKCS #11 token to another z/OS PKCS #11 token or key database file on the same system, from the Token Management Menu, select 1 - Manage Keys and Certificates to display the Token Key and Certificate List. Find the label of the certificate to be copied and enter the number associated with the label. From the Token Key and Certificate Menu enter 5 to copy a certificate and key to another token or a key database file. If the target is a key database on the same system, you need to know the targets file name and password.

Figure 1. Copying a Certificate with its Private Key to a z/OS PKCS #11 Token on the Same System
                                                         
       Token Key and Certificate Menu                          
                                                         
       Label: newimp                                     
                                                                                                                                         
   1 - Show certificate information                                             
   2 - Show key information                                                     
   3 - Set key as default                                                       
   4 - Set certificate trust status                                             
   5 - Copy certificate and key to another database/token                       
   6 - Export certificate to a file                                             
   7 - Export certificate and key to a file                                     
   8 - Delete certificate and key                                               
   9 - Change label
  10 - Create a signed certificate and key
  11 - Create a certificate renewal request                                                             
                                                                                
   0 - Exit program                                                             
                                                                                
Enter option number (press ENTER to return to previous menu): 5 <enter>                 
                                                                                
Enter 1 to specify token name or
      2 to specify database name
      (press ENTER to return to menu): 1 <enter> 
Enter token name (press ENTER to return to menu): TOKENDEF <enter>                              
                                                                                
Record copied.                                                                 
                                                                                
Press ENTER to continue.                                                        
 ===>

You will then be prompted to choose either a z/OS PKCS #11 token or a key database as the target of the copy. Figure 1 shows the prompts if a z/OS PKCS #11 token is chosen as the target. Once the certificate is copied, you will receive a message indicating that the certificate has been successfully copied.

Note: When a certificate with a key marked as default is copied from a key database into another token or database, it is not marked as the default key in that token or database.
Parent topic: Copying a certificate (and private key) to a different key database or z/OS PKCS #11 token

Go to the previous page Go to the next page

Notices | Terms of use | Support | Contact z/OS | zFavorites



Copyright IBM Corporation 1990, 2014