z/OS Cryptographic Services System SSL Programming


Copying a certificate and its private key from a key database on the same system

SC14-7495-00

To copy a certificate and its private key from one key database to another key database or z/OS® PKCS #11 token on the same system, you need to know the target key database file name and password, or the z/OS PKCS #11 token name.

If the target database is a FIPS database, then the source database must also be a FIPS database. Copying into a FIPS database from a non-FIPS database or z/OS PKCS #11 token is not supported. If the target database is a non-FIPS database or z/OS PKCS #11 token, then the source may be a non-FIPS database, a FIPS database, or a z/OS PKCS #11 token.

From the Key Management Menu, select 1 - Manage keys and certificates to display the Key and Certificate Menu. Find the label of the certificate to be copied and enter the number associated with the label. From the Key and Certificate Menu, enter 5 to copy a certificate and key to another database or z/OS PKCS #11 token.

Figure 1. Copying a Certificate with its Private Key to a Key Database on the Same System
                                                         
       Key and Certificate Menu                          
                                                         
       Label: newimp                                     
                                                                                                                                         
   1 - Show certificate information                                             
   2 - Show key information                                                     
   3 - Set key as default                                                       
   4 - Set certificate trust status                                             
   5 - Copy certificate and key to another database/token                             
   6 - Export certificate to a file                                             
   7 - Export certificate and key to a file                                     
   8 - Delete certificate and key                                               
   9 - Change label
  10 - Create a signed certificate and key
  11 - Create a certificate renewal request                                                             
                                                                                
   0 - Exit program                                                             
                                                                                
Enter option number (press Enter to return to previous menu):  5 <enter>
Enter 1 to specify token name or
      2 to specify database name
      (press ENTER to return to menu): 2 <enter>
Enter key database name (press Enter to return to previous menu): target.kdb <enter>
Enter database password (press Enter to return to previous menu): <enter password>

Record copied.
  
Press ENTER to continue. 
===>                                                                           

You will then be prompted for the target key database name and the target key database password. Once the certificate is copied to the other key database file, you will receive a message indicating that the certificate has been successfully copied.

Note: When a certificate with a key marked as default is copied from a key database into another token or database, it is not marked as the default key in that token or database.





Copyright IBM Corporation 1990, 2014