The following table lists the types of certificates that you can request, based on the certificate templates that are included with PKI Services. Certificate templates are samples of the most commonly requested certificate types. You can add, modify, and remove certificate templates to customize the variety of certificate types you offer to your users.
Note: You can customize certificate templates to add, modify and remove certificate types.
|Type of certificate||Use|
|One-year PKI SSL browser certificate||End-user client authentication using SSL|
|One-year PKI Generated Key certificate||End-user client authentication, with the ability to recover lost private keys|
|One-year PKI S/MIME browser certificate||Browser-based e-mail encryption|
|Two-year PKI browser certificate for authenticating to z/OS||End-user client authorization using SSL when logging onto z/OS|
|Two-year PKI Windows Logon certificate||Logon to Windows|
|Five-year PKI SSL server certificate||SSL Web server certification|
|Five-year PKI IPSEC server (firewall) certificate||Firewall server identification and key exchange|
|Five-year PKI intermediate CA certificate||Subordinate (non-self-signed) Certificate Authority certification|
|Five-year SCEP certificate - Pregistration||Preregister a user or device for a SCEP certificate|
|One-year SAF browser certificate||End-user client authentication where RACF (not PKI Services) is the certificate provider|
|One-year SAF server certificate||Web server SSL certification where RACF (not PKI Services) is the certificate provider|