z/OS Cryptographic Services ICSF Administrator's Guide
Previous topic | Next topic | Contents | Index | Contact z/OS | Library | PDF


PKA master keys and the PKDS

z/OS Cryptographic Services ICSF Administrator's Guide
SA22-7521-17

The step-by-step procedure for changing the PKA master keys is documented in this topic. The procedure assumes that SMK=KMMK. It is recommended that the KMMK=SMK to maximize the routing capability to the PCICC and to enable PKDS reencipher. Once that is completed, it is necessary to reencipher and activate the PKDS.

If the SMK does not equal KMMK, see Steps for setting the SMK equal to the KMMK.

Attention: If you do not have a PCICC, you should not change the PKA Master Keys. Changing the PKA master keys will make all internal tokens in the current PKDS unusable. You will need to reencipher and activate the PKDS in order to use them with the changed master key. This requires a PCICC on your system. See Steps for reenciphering and refreshing the PKDS for more information.

When the PKDS is shared by multiple images in a sysplex environment, the PKA master key must also be changed on all the sharing systems. See Running in a Sysplex Environment.

Go to the previous page Go to the next page

Notices | Terms of use | Support | Contact z/OS | zFavorites



Copyright IBM Corporation 1990, 2014