Previous topic |
Next topic |
Contents |
Contact z/OS |
Library |
PDF
Importing a certificate from a file with its private key z/OS Cryptographic Services System SSL Programming SC14-7495-00 |
|
To store a certificate into a different key database format or to a different system with its private key, the certificate must be exported from the source system into a PKCS #12 format file (See Copying a certificate with its private key for more information). PKCS #12 files are password-protected to allow encryption of the private key information. If the CA certificate that is being imported was signed by another CA certificate, the complete chain must be present in the key database file or z/OS® PKCS #11 token before the import. From the Key Management Menu or Token Management Menu , enter 8 to import a certificate and a private key: Figure 1. Key Management Menu
Figure 2. Token Management Menu
You are prompted to enter the certificate file name, password, and your choice of a unique label to be assigned to the certificate. Once the certificate is imported, you receive a message indicating that import was successful. The next step is to determine whether the certificate should be marked as the database's or tokens default certificate. Setting the certificate as the default certificate allows the certificate to be used by the SSL APIs without having to specify its label. For more information about setting the default certificate, see Marking a certificate (and private key) as the default certificate). A certificate and key can be imported into a FIPS key database providing it is a PKCS #12 Version 3 with strong encryption format. When adding certificates from the import file to a FIPS key database file only certificates signed with FIPS signature algorithms using FIPS-approved key sizes may be imported. When processing a chain of certificates, processing of the chain terminates if a non-FIPS certificate is encountered. Certificates that are processed before the failing certificate is added to the key database file. It is the responsibility of the importer to ensure that the file came from a source meeting FIPS 140-2 criteria to maintain adherence to the FIPS criteria. |
Copyright IBM Corporation 1990, 2014
|