Previous topic |
Next topic |
Contents |
Contact z/OS |
Library |
PDF
Copying a certificate with its private key z/OS Cryptographic Services System SSL Programming SC14-7495-00 |
|
To copy a certificate to a different key database format or to a different system with its private key, the certificate must be exported to a PKCS #12 formatted file. PKCS #12 files are password-protected to allow encryption of the private key information. From the Key Management Menu or Token Management Menu, select 1 - Manage keys and certificates to display a list of certificates with private keys. Find the label of the certificate to be copied and enter the number associated with the label. In the Key and Certificate Menu or Token Key and Certificate Menu, enter option 7 to export the certificate and private key to a file. The Export File Format menu appears: Figure 1. Export File Format
Figure 2. Export File Format
The second display applies to z/OS® PKCS #11 tokens. You are then prompted for what file format you would like for the exported certificate information. The file format is determined by the support on the receiving system. In most cases the format to be used is Binary PKCS #12 Version 3. When the receiving system implementation is z/OS System SSL V1R2 or earlier, the selected format must be Binary PKCS #12 Version 1. z/OS PKCS #11 tokens only support Version 3 PKCS #12 export. Export from a FIPS database must be PKCS #12 Version 3 using strong encryption. After selecting the export format, you are asked for a file name and password. You then receive a message indicating that the certificate was exported. You can now transfer this file to the system and import the certificate into the key database file or z/OS PKCS #11 token. If copying to a remote system, this file can now be transferred (in binary) to the remote system. For information about receiving the certificate into the key database file, see Importing a certificate from a file with its private key). Upon successfully receiving the certificate, the certificate can now be used to identify the program. For example, the certificate can be used as the SSL server program's certificate or it can be used as the SSL client program's certificate. |
Copyright IBM Corporation 1990, 2014
|