z/OS Cryptographic Services PKI Services Guide and Reference


Basic components of PKI Services and related products

SA23-2286-00

Table 1. Basic components of PKI Services and related products
| Component | Description |
|---|---|
| Administration Web application | Helps authorized administrators review requests for certificates, approve or reject requests, renew certificates, or revoke certificates through their own Web browsers. The application consists of sample screens that you can easily customize to display your organization's logo. It also supports the following tasks: reviewing pending certificate requests; querying pending requests to process those that meet certain criteria; displaying detailed information about a certificate or request; monitoring certificate information, such as validity period; annotating the reason for an administrative action. |
| DB2® (optional) | Provides an alternative to VSAM data sets as the repository for the object store (request database) and issued certificate list (ICL). |
| End-user Web application | Guides your users to request, obtain, and renew certificates through their Web browsers. The application consists of sample screens that you can easily customize to meet your organization's needs for certificate content and standards for appearance. It offers several certificate templates that you can use to create requests for a variety of certificate types, based on the certificate's intended purpose and validity period, and supports certificate requests that are automatically approved. |
| Exit | Provides advanced customization, including additional authorization checking, additional validation, changes to parameters on calls to the R_PKIServ callable service (IRRSPX00), and capture of certificates for further processing. An exit program can be called from the daemon, for automatic certificate renewal, or from the PKIServ CGIs. Exit methods can be called from Java™ server pages (JSPs). The exit program and methods support both preprocessing and post-processing functions. A code sample in C is included. |
| IBM® HTTP Server (optional) | PKI Services uses the web server to encrypt messages, authenticate requests, and transfer certificates to intended recipients if you implement the PKI Services web application using REXX CGI scripts. You can use either IBM HTTP Server V5.3 (powered by Domino) or IBM HTTP Server V7 (powered by Apache) as the web server. |
| ICSF (optional) | Securely stores the PKI Services certificate authority's private signing key and the key pairs that PKI Services generates for certificates. |
| LDAP | The directory that maintains information about the valid and revoked certificates that PKI Services issues, in an LDAP-compliant format. You can use an LDAP server such as the one provided by IBM Tivoli Directory Server for z/OS. |
| PKI Services daemon | The server daemon that acts as your certificate authority, confirming the identities of users and servers, verifying that they are entitled to certificates with the requested attributes, and approving and rejecting requests to issue and renew certificates. It includes support for an issued certificate list (ICL) to track issued certificates and certificate revocation lists (CRLs) to track revoked certificates. |
| R_PKIServ callable service (IRRSPX00) | The application programming interface (API) that allows authorized applications, such as servers, to programmatically request the functions of PKI Services to generate, retrieve, and administer certificates. |
| RACF® (or equivalent) | Controls who can use the functions of the R_PKIServ callable service and protects the components of your PKI Services system. RACF creates your certificate authority's certificate, key ring, and private key. You can also use it to store the private key if ICSF is not available. |
| WebSphere Application Server (optional) | Serves as the application server if you implement the PKI Services web application using Java server pages (JSPs). |





Copyright IBM Corporation 1990, 2014