This option manages certificates without private keys. A list
of key labels is displayed. Pressing the ENTER key without making
a selection will display the next set of labels. Selecting one of
the label numbers will display this menu:
Figure 1. Certificate Menu Certificate Menu
Label: Certificate_label_name
1 - Show certificate information
2 - Set certificate trust status
3 - Copy certificate to another database/token
4 - Export certificate to a file
5 - Delete certificate
6 - Change label
0 - Exit program
Enter option number (press ENTER to return to
previous menu):
Figure 2. Token Certificate
Menu Token Certificate Menu
Label: Certificate_label_name
1 - Show certificate information
2 - Set certificate trust status
3 - Copy certificate to another database/token
4 - Export certificate to a file
5 - Delete certificate
6 - Change label
0 - Exit program
Enter option number (press ENTER to return to the
previous menu):
===>
- Show certificate information
- This option displays information about the X.509 certificate.
- Set certificate trust status
- This option sets or resets the trusted status for the X.509 certificate.
A certificate cannot be used for authentication unless it is trusted.
Note: All z/OS® PKCS #11 token certificates
are automatically created with the status set to trusted. Changing
of the trust status is not supported for z/OS PKCS #11 token certificates.
- Copy certificate to another database/token
- This option copies the certificate to another token or a key database.
An error is returned if the certificate is already in the token/database
or if the label is not unique. A certificate may only be copied
into a FIPSmode database from another FIPSmode database. A certificate
may not be copied from a non-FIPSmode database or a PKCS #11 token
to a FIPSmode database.
- Export certificate to a file
- This option exports the X.509 certificate to a file. The supported
export formats are ASN.1 DER (Distinguished Encoding Rules) and PKCS
#7 (Cryptographic Message Syntax). The export file will contain just
the requested certificate when the DER format is selected. The export
file will contain the requested certificate and its certification
chain when the PKCS #7 format is selected.
- Delete certificate
- The certificate is deleted.
- Change label
- This option will change the label for the certificate.