z/OS Cryptographic Services System SSL Programming


Showing certificate/key information

SC14-7495-00

It is sometimes useful to display the information contained in the certificates that are stored in the key database. The information displayed includes, among others, the label, issuer/subject name, the version number of the certificate, the key size for the public/private key pair, and the expiration date.

To list information about certificates that contain private keys, from the Key Management Menu or Token Management Menu (see Figure 4), select 1 (Manage keys and certificates). This displays the Key and Certificate List.

Select the number corresponding to the label for which you would like to display certificate/key information. The Key and Certificate Menu for the label you chose displays next.

On the Key and Certificate Menu or the Token Key and Certificate Menu, choose 1 to display certificate information. This accesses the Certificate Information menu (see Figure 1):

Figure 1. Certificate Information
                        Certificate Information                                 
                                                                                
                 Label: Server Cert                                                  
             Record ID: 13                                                      
      Issuer Record ID: 13                                                      
               Trusted: Yes                                                     
               Version: 3                                                       
         Serial number: 3c73c6d0000e8076                                        
           Issuer name: My Server Certificate                                           
                        ID                                                      
                        IBM                                                     
                        Endicott                                                
                        NY                                                      
                        US                                                      
          Subject name: My Server Certificate                                           
                        ID                                                      
                        IBM                                                     
                        Endicott                                                
                        NY                                                      
                        US                                                      
        Effective date: 2010/02/20                                              
       Expiration date: 2015/10/22  
   Signature algorithm: sha1WithRsaEncryption
      Issuer unique ID: None
     Subject unique ID: None                                         
  Public key algorithm: rsaEncryption                                           
       Public key size: 1024  
            Public key: 30 81 89 02 81 81 00 E5 19 BF 6D A3 56 61 2D 99         
                        48 71 F6 67 DE B9 8D EB B7 9E 86 80 0A 91 0E FA
                        38 25 AF 46 88 82 E5 73 A8 A0 9B 24 5D 0D 1F CC
                        65 6E 0C B0 D0 56 84 18 87 9A 06 9B 10 A1 73 DF
                        B4 58 39 6B 6E C1 F6 15 D5 A8 A8 3F AA 12 06 8D
                        31 AC 7F B0 34 D7 8F 34 67 88 09 CD 14 11 E2 4E 
                        45 56 69 1F 78 02 80 DA DC 47 91 29 BB 36 C9 63
                        5C C5 E0 D7 2D 87 7B A1 B7 32 B0 7B 30 BA 2A 2F                
                        31 AA EE A3 67 DA DB 02 03 01 00 01       
                                                         
  Number of extensions: 4                                                       
                                                                                
Enter 1 to display extensions, 0 to return to menu:  1 <enter>                           
 ===>                                                                           
Note: For a z/OS® PKCS #11 certificate, the Record ID and Issuer Record ID are N/A.
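
The Public key field in Figure 1 is the DER encoding of an RSA public key (a SEQUENCE holding the modulus and the public exponent), so the reported Public key size can be checked against the dump itself. The following is an added example, not part of the IBM documentation or the utility; the function names are hypothetical and the input is the screen text copied from Figure 1.

```python
import re

# Fields copied from Figure 1 on this page; the other fields are omitted.
SCREEN = """\
       Public key size: 1024
            Public key: 30 81 89 02 81 81 00 E5 19 BF 6D A3 56 61 2D 99
                        48 71 F6 67 DE B9 8D EB B7 9E 86 80 0A 91 0E FA
                        38 25 AF 46 88 82 E5 73 A8 A0 9B 24 5D 0D 1F CC
                        65 6E 0C B0 D0 56 84 18 87 9A 06 9B 10 A1 73 DF
                        B4 58 39 6B 6E C1 F6 15 D5 A8 A8 3F AA 12 06 8D
                        31 AC 7F B0 34 D7 8F 34 67 88 09 CD 14 11 E2 4E
                        45 56 69 1F 78 02 80 DA DC 47 91 29 BB 36 C9 63
                        5C C5 E0 D7 2D 87 7B A1 B7 32 B0 7B 30 BA 2A 2F
                        31 AA EE A3 67 DA DB 02 03 01 00 01
  Number of extensions: 4
"""

def der_len(buf, pos):
    """Decode DER length octets at pos; return (length, next position)."""
    first = buf[pos]
    if first < 0x80:                      # short form: the byte is the length
        return first, pos + 1
    n = first & 0x7F                      # long form: n length bytes follow
    if not 1 <= n <= 4:
        raise ValueError("unsupported DER length")
    return int.from_bytes(buf[pos + 1:pos + 1 + n], "big"), pos + 1 + n

def der_integer(buf, pos):
    """Decode a non-negative DER INTEGER at pos; return (value, next position)."""
    if buf[pos] != 0x02:
        raise ValueError("expected INTEGER tag 0x02")
    length, pos = der_len(buf, pos + 1)
    return int.from_bytes(buf[pos:pos + length], "big"), pos + length

def check_public_key(screen):
    """Compare the reported key size with the modulus in the hex dump."""
    reported = int(re.search(r"Public key size:\s*(\d+)", screen).group(1))
    dump = re.search(r"Public key:((?:\s+[0-9A-Fa-f]{2}\b)+)", screen).group(1)
    der = bytes.fromhex("".join(dump.split()))
    seq_len, pos = der_len(der, 1)
    if der[0] != 0x30 or pos + seq_len != len(der):
        raise ValueError("not a complete DER SEQUENCE")
    modulus, pos = der_integer(der, pos)
    exponent, pos = der_integer(der, pos)
    return {"reported_bits": reported, "modulus_bits": modulus.bit_length(),
            "exponent": exponent, "consistent": reported == modulus.bit_length()}

print(check_public_key(SCREEN))
```

A mismatch between `reported_bits` and `modulus_bits`, or a `ValueError`, means the copied screen text is incomplete or was altered in transit.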

From the Certificate Information screen, you can also enter 1 to display certificate extensions:

Figure 2. Certificate extensions list
                                                                                
       Certificate Extensions List                                              
                                                                                
   1 - subjectKeyIdentifier                                                     
   2 - authorityKeyIdentifier                                                   
   3 - keyUsage (critical)                                                      
   4 - basicConstraints (critical)                                              
                                                                                
Enter extension number (press ENTER to return to previous menu): 3 <enter>               
 ===>                                                                           

Enter 3 on the Certificate Extensions List to show key usage information:

Figure 3. Key usage information
                                                 
Certificate signature
CRL signature                   
                                                 
Press ENTER to continue.                         
 ===>                                            
                                                 

To display key information, from the Key and Certificate Menu or Token Key and Certificate Menu, choose 2, Show Key Information. This accesses the Key Information menu (see Figure 4) or the Token key information menu (see Figure 5 or Figure 6):

Figure 4. Key information menu
                        Key Information                                         
                                                                                
                 Label: Server Cert                                                  
             Record ID: 13                                                      
      Issuer Record ID: 13                                                      
           Default key: Yes                                                     
 Private key algorithm: rsaEncryption                                           
      Private key size: 1024                                                    
          Subject name: My Server Certificate                                           
                        ID                                                      
                        IBM                                                     
                        Endicott                                                
                        NY                                                      
                        US   
                                                                                
Press ENTER to continue.                                                        
 ===>                                                                           

Figure 5. Token key information menu of a certificate with a secure private key
                        Token key information                                         
                                                                                
                 Label: Sample RSA Certificate 1                                                  
             Record ID: N/A                                                      
      Issuer Record ID: N/A                                                      
           Default key: Yes                                                     
 Private key algorithm: rsaEncryption                                           
      Private key size: 1024                                                    
      Private key type: Secure
          Subject name: Certificate with secure private key                                        
                        ID                                                      
                        IBM                                                     
                        Endicott                                                
                        NY                                                      
                        US   
                                                                                
Press ENTER to continue.                                                        
 ===>                                                                           

Figure 6. Token key information menu of a certificate with a clear private key
                        Token key information                                         
                                                                                
                 Label: Sample RSA Certificate 2                                                  
             Record ID: N/A                                                      
      Issuer Record ID: N/A                                                      
           Default key: Yes                                                     
 Private key algorithm: rsaEncryption                                           
      Private key size: 1024                                                    
      Private key type: Clear
          Subject name: Certificate with clear private key                                        
                        ID                                                      
                        IBM                                                     
                        Endicott                                                
                        NY                                                      
                        US   
                                                                                
Press ENTER to continue.                                                        
 ===>                                                                           
Note: For a z/OS PKCS #11 certificate, the Record ID and Issuer Record ID are N/A.





Copyright IBM Corporation 1990, 2014