IBM Systems > Mainframe servers > Operating systems >

PKI Services for z/OS

Supported Certificate Types

Overview

Components

Standards

Additional Information


	Public Keys \| Certificate Types \| Fields & Extensions

The following table lists the types of certificates that you can request, based on the certificate templates that are included with PKI Services. Certificate templates are samples of the most commonly requested certificate types. You can add, modify, and remove certificate templates to customize the variety of certificate types you offer to your users.

Note: You can customize certificate templates to add, modify and remove certificate types.

Type of certificate	Use
One-year PKI SSL browser certificate	End-user client authentication using SSL
One-year PKI Generated Key certificate	End-user client authentication, with the ability to recover lost private keys
One-year PKI S/MIME browser certificate	Browser-based e-mail encryption
Two-year PKI browser certificate for authenticating to z/OS	End-user client authorization using SSL when logging onto z/OS
Two-year PKI Windows Logon certificate	Logon to Windows
Five-year PKI SSL server certificate	SSL Web server certification
Five-year PKI IPSEC server (firewall) certificate	Firewall server identification and key exchange
Five-year PKI intermediate CA certificate	Subordinate (non-self-signed) Certificate Authority certification
Five-year SCEP certificate - Pregistration	Preregister a user or device for a SCEP certificate
One-year SAF browser certificate	End-user client authentication where RACF (not PKI Services) is the certificate provider
One-year SAF server certificate	Web server SSL certification where RACF (not PKI Services) is the certificate provider