Key database files
z/OS Cryptographic Services System SSL Programming SC14-7495-00
Key database files are password protected because they contain the private keys that are associated with some of the certificates that are contained in the key database. Private keys, as their name implies, should be protected because their value is used in verifying the authenticity of requests made during PKI operations. It is suggested that key database files be set with these string
file permissions:
The owner of the key database should be the user managing the key
database. The program using System SSL (and the key database) must
have at least read permission to the key database file at
run time. If the program is a server program that runs under a different
user ID than the administrator of the key database file, you should
set up a group to control access to the key database file. In this
case, it is suggested that you set the permissions on the key database
file to:
The owner of the key database file is set to the administrator user ID and the group owner of the key database file is set to the group that contains the server that is using the key database file.
A key database that is created as a FIPS mode database can only be updated by gskkyman or by using the CMS APIs executing in FIPS mode. Such a database, however, may be opened as read-only when executing in non-FIPS mode. Key databases created while in non-FIPS mode cannot be opened when executing in FIPS mode.
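The ownership and access guidance above can be checked with a small shell audit. This is an added example, not IBM's code; the function name, the two scenario names and the exact policy it enforces (no access for others, read-only for the group in the server case) are assumptions of the example.

```shell
#!/bin/sh
# Added example: audit the permission bits on a key database file.
# The policy is an assumption of this example, not quoted from the page:
#   owner-only : only the owner has any access (administrator runs the program)
#   group-read : owner access plus read-only for the group (server under another user ID)
#
# kdb_perm_findings FILE SCENARIO
# Prints one line per finding. Returns 0 if clean, 1 on findings, 2 on bad input.
kdb_perm_findings() {
    file=$1
    scenario=$2
    [ -f "$file" ] || { echo "not a regular file: $file"; return 2; }
    # ls -ld prints the mode string first, for example -rw-r-----
    mode=$(ls -ld "$file" | cut -c1-10)
    owner=$(printf %s "$mode" | cut -c2-4)
    group=$(printf %s "$mode" | cut -c5-7)
    other=$(printf %s "$mode" | cut -c8-10)
    rc=0
    # The owner manages the key database and must be able to read it.
    case $owner in
        r*) ;;
        *) echo "owner cannot read $file ($owner)"; rc=1 ;;
    esac
    # Private keys live in this file, so any access for others is a finding.
    [ "$other" = "---" ] || { echo "others have access ($other)"; rc=1; }
    case $scenario in
        owner-only)
            [ "$group" = "---" ] || { echo "group has access ($group)"; rc=1; } ;;
        group-read)
            # The server needs read permission at run time, nothing more.
            [ "$group" = "r--" ] || { echo "group is '$group', expected 'r--'"; rc=1; } ;;
        *)
            echo "unknown scenario: $scenario"; return 2 ;;
    esac
    return $rc
}
```

The function checks only the permission bits; confirm the owner and group names separately with `ls -l`.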
Copyright IBM Corporation 1990, 2014