![[z/OS]](../images/ngzos.svg)
Managing keys with the native key database gskkyman (z/OS systems)
Use the native z/OS® key management (gskkyman key database) support for key management tasks.
About this task
To have a secure network connection, create a key for secure network communications and receive a certificate from a certificate authority (CA) that is designated as a trusted CA on your server.
IBM® HTTP Server on z/OS does not support IKEYMAN or gskcmd.
Use gskkyman to create key databases, public and private key pairs, and certificate requests. If you act as your own CA, you can use gskkyman to create self-signed certificates. If you act as your own CA for a private Web network, you have the option to use the server CA utility to generate and issue signed certificates to clients and servers in your private network.
Procedure
- To use native z/OS key management (gskkyman) tasks, refer to Cryptographic Services PKI Services Guide and Reference document (SA22-7693). Link to this document from the z/OS Internet Library.
- A typical task that this document contains is using a gskkyman key database for your
certificate store. See section Appendix B. Using a gskkyman key database for a description of how to use gskkyman.
- Important: The certificate requests that gskkyman generates for use with IBM HTTP Server should use RSA keys and not DSA keys.