(ZOS) Writable SAF Keyring settings
Manage existing writable System Authorization Facility (SAF) keyrings on the z/OS platform.
From the admin console, click...
- Security > SSL certificate and key management > Configuration settings > Manage endpoint security configurations > {Inbound | Outbound} > ssl_configuration > Related Items > Key stores and certificates
Click an existing keystore. Under Writable SAF Keyrings, click Control region keyring to manage the control region keyring information or click Servant region keyring to manage the servant region keyring information.
Any changes made to this page are permanent.
Name
Unique name to identify the writable SAF keyring. The name is the name of the keystore specified on the create command that corresponds to the keyring owned by the RACF ID of the control region process. Or it is the name of the keystore specified on the create command that corresponds to the keyring owned by the RACF ID of the servant region process. The name is <your_keystore_name> -CR for the control region user and <your_keystore_name> -SR for the servant region user.
| Information | Value |
|---|---|
| Data type: | Text |
Description
Description of the writable SAF keyring (either the control region keyring or the servant region keyring).
| Information | Value |
|---|---|
| Data type: | Text |
Management scope
Management scope associated with the writable SAF keyring. These keystores are created in the same scope as <your_keystore_name> and can be accessed from the administrative console from the <your_keystore_name> collection panel.
| Information | Value |
|---|---|
| Data type: | Text |
Path
Location of the keyring file in the format needed by the keystore type. This file is a URL of the form, safkeyring:///your_keyring_name.
| Information | Value |
|---|---|
| Data type: | text |
Change password [existing SAF keyring]
Password used to protect the keystore. For the default keyring (names ending in DefaultKeyStore or DefaultTrustStore) for which this keyring is associated, the password is WebAS. This default password must be changed.
This field can be edited. This password is for the keystore file specified in the Path field.
| Information | Value |
|---|---|
| Data type: | Text |
Type
The implementation for keyring management. This value defines the tool that operates on this keyring type. For a writable SAF keyring, the type is JCERACFKS. For writable SAF keyrings, the tool that operates on this SAF keyring is RACF.
| Information | Value |
|---|---|
| Data type: | Text |
Read only
Specifies whether the writable SAF keyring can be written to or not. If the keyring cannot be written to, certain operations cannot be performed, such as creating or importing certificates.
| Information | Value |
|---|---|
| Default: | Disabled |
Initialize at startup
Specifies whether the writable keyring needs to be initialized before it can be used for cryptographic operations. If enabled, the keyring is initialized at server startup.
| Information | Value |
|---|---|
| Default: | Disabled |
Enable cryptographic operations on hardware device
Specifies whether a hardware cryptographic device is used for cryptographic operations only. Operations that require a login are not supported when using this option.
| Information | Value |
|---|---|
| Default: | Disabled |