Certificate (key ring) location
SSL requires server and optionally client authentication. Such authentication requires the server certificate location. Client authentication certificates reside in the same database.
System SSL supports the following two methods for managing PKI private keys and certificates.
- A z/OS shell-based program called gskkyman. gskkyman creates, fills in, and manages a z/OS HFS file that contains PKI private keys, certificate requests, and certificates. This z/OS HFS file is called a key database and, by convention, has a file extension of .kdb. Refer to z/OS: System Secure Sockets Layer Programming, SC24-5901.
- The z/OS SecureWay Security Server (RACF) RACDCERT command. RACDCERT installs and maintains PKI private keys and certificates in RACF. Refer to z/OS: SecureWay Security Server RACF Command Language Reference, SA22-7687. RACF allows multiple PKI private keys and certificates to be managed as a group. These groups are called key rings. RACF key rings are the preferred method for managing PKI private keys and certificates.
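As an added illustration (not part of the original page), the following TSO commands, shown with CLIST-style comments, build a key ring for a server with RACDCERT. The user ID SRVUSER, the ring name SRVRING, the certificate labels, the distinguished names, and the expiry date are all constructed placeholders.

```tso
/* Assumed names: SRVUSER, SRVRING, labels and DNs are placeholders */

/* 1. Create a local CA certificate to sign the server certificate  */
RACDCERT CERTAUTH GENCERT -
  SUBJECTSDN(CN('Example Local CA') O('Example') C('US')) -
  WITHLABEL('Example Local CA') -
  KEYUSAGE(CERTSIGN) SIZE(2048) -
  NOTAFTER(DATE(2030-12-31))

/* 2. Create the server certificate and private key under SRVUSER   */
RACDCERT ID(SRVUSER) GENCERT -
  SUBJECTSDN(CN('server.example.com') O('Example') C('US')) -
  WITHLABEL('Server Cert') SIZE(2048) -
  SIGNWITH(CERTAUTH LABEL('Example Local CA'))

/* 3. Create the key ring owned by the server's user ID             */
RACDCERT ID(SRVUSER) ADDRING(SRVRING)

/* 4. Connect the CA certificate as a trust anchor                  */
RACDCERT ID(SRVUSER) CONNECT(CERTAUTH -
  LABEL('Example Local CA') RING(SRVRING) USAGE(CERTAUTH))

/* 5. Connect the server certificate as the ring's default          */
RACDCERT ID(SRVUSER) CONNECT(ID(SRVUSER) -
  LABEL('Server Cert') RING(SRVRING) DEFAULT USAGE(PERSONAL))

/* 6. Let SRVUSER read its own ring, and nothing more               */
RDEFINE FACILITY IRR.DIGTCERT.LISTRING UACC(NONE)
PERMIT IRR.DIGTCERT.LISTRING CLASS(FACILITY) ID(SRVUSER) ACCESS(READ)
SETROPTS RACLIST(FACILITY) REFRESH

/* 7. Refresh only if DIGTCERT and DIGTRING are RACLISTed           */
SETROPTS RACLIST(DIGTCERT DIGTRING) REFRESH

/* 8. Verify the ring contents and the default certificate          */
RACDCERT ID(SRVUSER) LISTRING(SRVRING)
```

The private key stays in RACF under SRVUSER, so access to it is governed by RACF profiles instead of by file permissions on a key database file.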