Previous topic |
Next topic |
Contents |
Contact z/OS |
Library |
PDF
Introduction z/OS Cryptographic Services System SSL Programming SC14-7495-00 |
|
SSL connections use public/private key mechanisms for authenticating each side of the SSL session and agreeing on bulk encryption keys to be used for the SSL session. To use public/private key mechanisms (termed PKI), public/private key pairs must be generated. In addition, X.509 certificates (which contain public keys) might need to be created, or certificates must be requested, received, and managed. System SSL supports these two methods for managing PKI private keys and certificates:
The System SSL application uses the GSK_KEYRING_FILE parameter of the gsk_attribute_set_buffer() API or the GSK_KEYRING_FILE environment variable to specify the locations of the PKI private keys and certificates to System SSL. If you are using a z/OS key database, the key database file name is passed in this parameter. If you are using a RACF key ring or z/OS PKCS #11 token, the name of the key ring or token is passed in this parameter. |
Copyright IBM Corporation 1990, 2014
|