Previous topic |
Next topic |
Contents |
Contact z/OS |
Library |
PDF
Key database files z/OS Cryptographic Services System SSL Programming SC14-7495-00 |
|
To use a key database in FIPS mode, it must be created as a FIPS mode database. Key databases that are created through gskkyman not explicitly specifying FIPS during creation, or created through an application not executing in FIPS mode, cannot be used by an application executing in FIPS mode. To create a FIPS mode key database using the gskkyman utility, see Creating, opening, and deleting a key database file. To create a FIPS mode key database using the Certificate Management Services API, the application must start in FIPS mode (see gsk_fips_state_set()). The following are key points when using FIPS key databases:
The gskkyman utility automatically detects when a FIPS mode key database is opened, and executes in FIPS mode. This ensures that only certificates or certificate requests that meet the FIPS mode requirements in Table 1 may be added to the key database. |
Copyright IBM Corporation 1990, 2014
|