z/OS Cryptographic Services System SSL Programming
Previous topic | Next topic | Contents | Contact z/OS | Library | PDF


Creating a certificate renewal request

z/OS Cryptographic Services System SSL Programming
SC14-7495-00

Certificate renewal requests allow for existing signed certificates that have expired or are nearing their expiration dates to be renewed without having to create a brand new certificate request. The renewed certificate continues to contain the same subject name, public/private key pair. From the Key Management Menu or Token Management Menu , select 1 - Manage keys and certificates to display the Key and Certificate List or Token Key and Certificate List respectively. Find the label of the certificate to be renewed and enter the number associated with the label. From the Key and Certificate Menu or Token Key and Certificate Menu choose option 11 to create a certificate renewal request.

Enter the request file name (press ENTER to return to menu). The certificate request is created. Press enter to continue. After creating the certificate renewal request, perform the following steps:
  1. If you want a certificate authority (CA) to sign the certificate, send the certificate request to the CA. See Sending the certificate request. If you are acting as your own CA, use the gskkyman command line interface to sign the certificate. See Using gskkyman to be your own certificate authority (CA).
  2. Receive the renewed certificate into your key database. See Receiving the signed certificate or renewal certificate.
Parent topic: Managing keys and certificates

Go to the previous page Go to the next page

Notices | Terms of use | Support | Contact z/OS | zFavorites



Copyright IBM Corporation 1990, 2014