
Implementing PKI Services on z/OS.

Material type: Text
Publisher: Durham : I B M, 2004
Copyright date: ©2004
Edition: 1st ed
Description: 1 online resource (364 pages)
Content type: text
Media type: computer
Carrier type: online resource
ISBN: 9780738498744
Additional physical formats: Print version: Implementing PKI Services on z/OS
DDC classification: 005.8
LOC classification: QA76.9.A25 -- I52 2004eb
Contents:
Front cover -- Contents -- Notices -- Trademarks -- Preface -- The team that wrote this redbook -- Become a published author -- Comments welcome -- Chapter 1. Security Server PKI Services -- 1.1 Overview of digital certificate -- 1.2 The PKIX standards -- 1.2.1 CA hierarchy -- 1.2.2 The X.509 certificate and Certificate Revocation List -- 1.2.3 The x.509 v3 certificate extension fields -- 1.2.4 Certificate and CRL appearance -- 1.3 The z/OS PKI Services -- 1.3.1 Security Server PKI Services in z/OS -- 1.3.2 Prerequisite products -- 1.3.3 Requests supported by z/OS PKI Services -- 1.3.4 Browser and server certificates -- 1.3.5 The z/OS PKI Services architecture -- 1.4 Security Server PKI Services enhancement in z/OS V1R4 -- 1.4.1 Sysplex support -- 1.4.2 Event notification via e-mail -- 1.4.3 Additional distinguished name qualifier support -- 1.4.4 LDAP password encryption -- 1.4.5 PKCS#7 certificate chain support -- 1.4.6 Key generation via PCICC -- 1.4.7 Additional default CERTAUTH -- 1.4.8 Summary of z/OS PKI external characteristics as of z/OS V1R4 -- Chapter 2. RACF for PKI Services -- 2.1 Introduction to creating an RACF environment for new products -- 2.1.1 RACF group structure -- 2.1.2 Machine user IDs -- 2.1.3 System data set profiles -- 2.1.4 Ownership -- 2.2 New RACF features -- 2.2.1 Access control lists -- 2.2.2 Automatic assignment of UID/GID -- 2.3 Setting up RACF environment for PKI prerequisites -- 2.3.1 z/OS UNIX level security -- 2.3.2 RACF for Web server -- 2.3.3 RACF for OCSF and OCEP -- 2.3.4 RACF for LDAP -- 2.3.5 RACF for ICSF -- 2.4 Setting up the RACF environment for PKI Services -- 2.4.1 Add RACF groups for PKI Services -- 2.4.2 Adding RACF user IDs for PKI Services -- 2.4.3 Adding PKI data set profiles -- 2.4.4 Using RACF to create certificates -- 2.4.5 Daemon and server control for PKI user ID and surrogate user ID.
2.4.6 Allow PKI user ID to act as CA -- 2.4.7 Allow Web server to access its own key ring -- 2.4.8 Allow Web server user ID to switch identity to surrogate user ID -- 2.4.9 Profile for PKI Services procedure in class STARTED -- 2.4.10 Allow access for PKISTU to OCSF -- 2.4.11 ICSF -- 2.4.12 Protect certificate functions -- 2.5 RACF administration for PKI Services -- 2.5.1 Creating a help desk function -- 2.5.2 Administering certificates with the HostIdMappings extension -- 2.5.3 Display your PKI Services certificates -- 2.5.4 Establishing PKI Services as intermediate certificate authority -- 2.5.5 Renewing your PKI Services CA certificate -- 2.5.6 Recovering a CA certificate profile -- 2.5.7 Controlling applications that call R_PKIServ -- 2.5.8 Using encrypted passwords for LDAP servers -- 2.5.9 Register a Personal Certificate with RACF -- Chapter 3. Easy steps to get PKI up and running -- 3.1 Preparing the PKI Server installation -- 3.1.1 Steps to set up the PKI server -- 3.2 Prepare and configure the environment -- 3.3 Setting up the Web servers for PKI -- 3.3.1 Why do we need two Web servers? -- 3.3.2 Setting up the Web server as a secure Web server -- 3.3.3 Customizing the Web server for SSL -- 3.3.4 Customizing the first Web server for PKI -- 3.3.5 Customizing the second Web server for PKI -- 3.4 Setting up the LDAP server for PKI -- 3.4.1 LDAP setup: running the ldapcnf utility -- 3.5 Setting up the PKI Services task -- 3.6 Configure OCSF and OCEP to work with PKI Services -- 3.7 Configure the PKI Services -- 3.7.1 Set up the environment variables for PKI Services -- 3.7.2 Customizing the PKI Services configuration file -- 3.7.3 Customizing the PKI template -- 3.8 Checking the VSAM data set -- Chapter 4. Customizing the z/OS PKI Services: the template file -- 4.1 The template file, CGI, and the Web end user -- 4.1.1 The template file sections.
4.1.2 The CGI modules -- 4.1.3 Relationship between CGI modules and Web user templates -- 4.1.4 An example of simple customization of the template file -- 4.2 Structure of the template file for interaction with the PKI Administrator -- 4.2.1 The CGI modules -- 4.2.2 Customization of the administration Web pages -- 4.2.3 PKI administrator e-mail address -- 4.2.4 PKI Services certification policy -- 4.2.5 Link to PKI Services from your home page -- 4.2.6 Certificate authentication for administrators -- Chapter 5. PKI Installation using the IKYSETUP REXX exec -- 5.1 IKYSETUP overview -- 5.2 IKYSETUP variables -- 5.2.1 Compulsory changes to IKYSETUP -- 5.2.2 Probable changes to IKYSETUP -- 5.2.3 Optional changes to IKYSETUP -- Chapter 6. PKI Exit -- 6.1 PKI Exit main routine -- 6.2 Steps for installing and modifying the exit code sample -- 6.3 Test for scenario 1 -- Chapter 7. PKI Services and the Cryptographic Coprocessor -- 7.1 Introduction to Cryptography Solution on S/390 - zSeries -- 7.1.1 Cryptographic Coprocessor Feature (CCF) -- 7.1.2 PCI Cryptographic Coprocessor (PCICC) -- 7.1.3 PCI Cryptographic Accelerator (PCICA) -- 7.1.4 Assigning coprocessors to an LPAR -- 7.2 Cryptographic solution on z990 -- 7.2.1 CP Assist for Cryptographic Function -- 7.2.2 PCI Extended Cryptographic Coprocessor -- 7.2.3 Software requirements -- 7.3 Integrated Cryptographic Services Facility -- 7.3.1 CKDS and PKDS -- 7.3.2 Controlling access to ICSF resources -- 7.4 Boosting SSL connection with hardware encryption -- 7.4.1 Secure Sockets Layer (SSL) -- 7.4.2 IBM HTTP Server accessing the cryptographic coprocessor -- 7.4.3 Checking hardware encryption for Web server encryption -- 7.5 Keeping your CA signature key secure with ICSF -- 7.5.1 RACF taking advantage of ICSF -- 7.6 Sharing PKDS in a sysplex environment -- Chapter 8. LDAP enhancements for availability.
8.1 Optional LDAP enhancements for availability -- 8.1.1 Redundancy -- Appendix A. PKI Exit sample -- Appendix B. List of sample files provided with PKI Services -- httpd.conf sample for PKI Web server 1 -- httpd.envvars sample for the PKI Web server -- httpd.conf sample for PKI Web server 2 -- pkiserv.conf -- pkiserv.envars -- pkiserv.tmpl -- PKI Services subcomponents and message levels -- JCL samples -- Related publications -- IBM Redbooks -- Other publications -- Online resources -- How to get IBM Redbooks -- Index -- Back cover.

Description based on publisher supplied metadata and other sources.

Electronic reproduction. Ann Arbor, Michigan : ProQuest Ebook Central, 2024. Available via World Wide Web. Access may be limited to ProQuest Ebook Central affiliated libraries.
