Manage keys with the native key database gskkyman (z/OS systems)
Use the native z/OS key management (gskkyman key database) support for key management tasks.
Overview
To have a secure network connection, create a key for secure network communications and receive a certificate from a certificate authority (CA) that is designated as a trusted CA on your server.
IBM HTTP Server on z/OS does not support iKeyman or gsk7cmd.
Use gskkyman to create key databases, public and private key pairs, and certificate requests. If you act as your own CA, you can use gskkyman to create self-signed certificates. If you act as your own CA for a private Web network, you have the option to use the server CA utility to generate and issue signed certificates to clients and servers in your private network.
You cannot use gskkyman for configuration options that update the httpd.conf configuration file.
Procedure
- To use native z/OS key management (gskkyman) tasks, refer to the Cryptographic Services PKI Services Guide and Reference document (SA22-7693). Link to this document from the z/OS Internet Library.
- A typical task that this document contains is using a gskkyman key database for your certificate store. See section "Appendix B. Using a gskkyman key database" for a description of how to use gskkyman.
The certificate requests that gskkyman generates for use with IBM HTTP Server should use RSA keys and not DSA keys.
Related tasks
Securing with SSL communications
Related information
z/OS Internet Library