(zos)Writable SAF Keyring settings
Use this page to manage existing writable System Authorization Facility (SAF) keyrings on the z/OS platform. To view this console page, click Security > SSL certificate and key management. Under Configuration settings, click Manage endpoint security configurations > {Inbound | Outbound} > ssl_configuration. Under Related Items, click Key stores and certificates. Click an existing keystore. Under Writable SAF Keyrings, click Control region keyring to manage the control region keyring information or click Servant region keyring to manage the servant region keyring information.
Any changes made to this panel are permanent.
Name
Unique name to identify the writable SAF keyring. The name is the name of the keystore specified on the create command that corresponds to the keyring owned by the RACF ID of the control region process. Or it is the name of the keystore specified on the create command that corresponds to the keyring owned by the RACF ID of the servant region process. The name is <your_keystore_name> -CR for the control region user and<your_keystore_name> -SR for the servant region user.
Information Value Data type: Text
Description
Description of the writable SAF keyring (either the control region keyring or the servant region keyring).
Information Value Data type: Text
Management scope
Management scope associated with the writable SAF keyring. These keystores are created in the same scope as <your_keystore_name> and can be accessed from the console from the <your_keystore_name> collection panel.
Information Value Data type: Text
Path
Location of the keyring file in the format needed by the keystore type. This file is a URL of the form, safkeyring:///your_keyring_name.
Information Value Data type: text
Change password [existing SAF keyring]
Password used to protect the keystore. For the default keyring (names ending in DefaultKeyStore or DefaultTrustStore) for which this keyring is associated, the password is WebAS. This default password must be changed.
This field can be edited. This password is for the keystore file that specified in the Path field.
Information Value Data type: Text
Type
Implementation for keyring management. This value defines the tool that operates on this keyring type. For a writable SAF keyring, the type is JCERACFKS. For writable SAF keyrings, the tool that operates on this SAF keyring is RACF.
Information Value Data type: Text
Read only
Whether the writable SAF keyring can be written to or not. If the keyring cannot be written to, certain operations cannot be performed, such as creating or importing certificates.
Information Value Default: Disabled
Initialize at startup
Whether the writable keyring needs to be initialized before it can be used for cryptographic operations. If enabled, the keyring is initialized at server startup.
Information Value Default: Disabled
Enable cryptographic operations on hardware device
Whether a hardware cryptographic device is used for cryptographic operations only. Operations that require a login are not supported when using this option.
Information Value Default: Disabled
Related tasks
Create writable SAF keyrings Use writable SAF keyrings
Keystores and certificates collection