Administration Web application
Helps authorized administrators review requests for certificates, approve or reject requests, renew certificates, or revoke certificates through their own Web browsers. The application consists of sample screens that you can easily customize to display your organization’s logo. It also supports the following tasks:
- Reviewing pending certificate requests
- Querying pending requests to process those that meet certain criteria
- Displaying detailed information about a certificate or request
- Monitoring certificate information, such as validity period
- Annotating the reason for an administrative action
End-user Web application
Guides your users to request, obtain, and renew certificates through their Web browsers. The application consists of sample screens that you can easily customize to meet your organization’s needs for certificate content and standards for appearance. It offers several certificate templates that you can use to create requests for a variety of certificate types, based on the certificate’s intended purpose and validity period, and supports certificate requests that are automatically approved.
Exit
Provides advanced customization: additional authorization checking, validating and changing parameters on calls to the R_PKIServ callable service (IRRSPX00), and capturing certificates for further processing. You can call this exit from the PKIServ CGIs and use its IRRSPX00 pre-processing and post-processing functions. A C language code sample is included.
ICSF (optional)
Securely stores the PKI Services certificate authority’s private signing key.
LDAP
The directory that maintains, in an LDAP-compliant format, information about the valid and revoked certificates that PKI Services issues. You can use an LDAP server such as z/OS Security Server LDAP.
PKI Services daemon
The server daemon that acts as your certificate authority, confirming the identities of users and servers, verifying that they are entitled to certificates with the requested attributes, and approving and rejecting requests to issue and renew certificates. It includes support for:
- An issued certificate list (ICL) to track issued certificates
- Certificate revocation lists (CRLs) and Online Certificate Status Protocol (OCSP) to track revoked certificates
R_PKIServ callable service (IRRSPX00)
The application programming interface (API) that allows authorized applications, such as servers, to programmatically request the functions of PKI Services to generate, retrieve and administer certificates.
RACF (or equivalent)
Controls who can use the functions of the R_PKIServ callable service and protects the components of your PKI Services system. RACF creates your certificate authority’s certificate, key ring and private key. You can also use it to store the private key, if ICSF is not available.
z/OS HTTP Server
PKI Services uses the Web server to encrypt messages, authenticate requests, and transfer certificates to intended recipients.