Manage keys with the native key database gskkyman (z/OS systems)

Use the native z/OS® key management (gskkyman key database) support for key management tasks.

About this task

To have a secure network connection, create a key for secure network communications and receive a certificate from a certificate authority (CA) that is designated as a trusted CA on your server.

IBM HTTP Server on z/OS does not support IKEYMAN or gskcmd.

Use gskkyman to create key databases, public and private key pairs, and certificate requests. If you act as your own CA, we can use gskkyman to create self-signed certificates. If you act as your own CA for a private Web network, you have the option to use the server CA utility to generate and issue signed certificates to clients and servers in your private network.

Procedure

• To use native z/OS key management (gskkyman) tasks, refer to Cryptographic Services PKI Services Guide and Reference document (SA22-7693). Link to this document from the z/OS Internet Library.

• A typical task that this document contains is using a gskkyman key database for your certificate store. See section Appendix B. Using a gskkyman key database for a description of how to use gskkyman. Important: The certificate requests that gskkyman generates for use with IBM HTTP Server should use RSA keys and not DSA keys.

Related concepts

• IBM HTTP Server certificate management

Related tasks

• Secure IBM HTTP Server

• Configure SSL between the IBM HTTP Server Administration Server and the deployment manager

• Secure with SSL communications

• Set advanced SSL options

• Manage keys with the IKEYMAN graphical interface (Distributed systems)

• Manage keys from the command line (Distributed systems)

• Getting started with the cryptographic hardware for SSL (Distributed systems)

• Authenticating with LDAP on IBM HTTP Server using mod_ldap

• Authenticating with SAF on IBM HTTP Server (z/OS systems)

• Secure with SSL communications

Related

• z/OS Internet Library