z/OS Cryptographic Services System SSL Programming
Previous topic | Next topic | Contents | Contact z/OS | Library | PDF


Manage certificates

z/OS Cryptographic Services System SSL Programming
SC14-7495-00

This option manages certificates without private keys. A list of key labels is displayed. Pressing the ENTER key without making a selection will display the next set of labels. Selecting one of the label numbers will display this menu:

Figure 1. Certificate Menu
       Certificate Menu

       Label: Certificate_label_name  

   1 - Show certificate information
   2 - Set certificate trust status
   3 - Copy certificate to another database/token
   4 - Export certificate to a file
   5 - Delete certificate
   6 - Change label
  
   0 - Exit program

Enter option number (press ENTER to return to
previous menu):
Figure 2. Token Certificate Menu
       Token Certificate Menu

       Label: Certificate_label_name

   1 - Show certificate information
   2 - Set certificate trust status
   3 - Copy certificate to another database/token
   4 - Export certificate to a file
   5 - Delete certificate
   6 - Change label
   
   0 - Exit program

Enter option number (press ENTER to return to the
previous menu):
===>
Show certificate information
This option displays information about the X.509 certificate.
Set certificate trust status
This option sets or resets the trusted status for the X.509 certificate. A certificate cannot be used for authentication unless it is trusted.
Note: All z/OS® PKCS #11 token certificates are automatically created with the status set to trusted. Changing of the trust status is not supported for z/OS PKCS #11 token certificates.
Copy certificate to another database/token
This option copies the certificate to another token or a key database. An error is returned if the certificate is already in the token/database or if the label is not unique. A certificate may only be copied into a FIPSmode database from another FIPSmode database. A certificate may not be copied from a non-FIPSmode database or a PKCS #11 token to a FIPSmode database.
Export certificate to a file
This option exports the X.509 certificate to a file. The supported export formats are ASN.1 DER (Distinguished Encoding Rules) and PKCS #7 (Cryptographic Message Syntax). The export file will contain just the requested certificate when the DER format is selected. The export file will contain the requested certificate and its certification chain when the PKCS #7 format is selected.
Delete certificate
The certificate is deleted.
Change label
This option will change the label for the certificate.
Parent topic: Key Management menu/Token management menu

Go to the previous page Go to the next page

Notices | Terms of use | Support | Contact z/OS | zFavorites



Copyright IBM Corporation 1990, 2014