PKI Services for z/OS

Supported Certificate Types

The following table lists the types of certificates that you can request, based on the certificate templates that are included with PKI Services. Certificate templates are samples of the most commonly requested certificate types. You can add, modify, and remove certificate templates to customize the variety of certificate types you offer to your users.

Note: You can customize certificate templates to add, modify and remove certificate types.

Type of certificate Use
One-year PKI SSL browser certificate End-user client authentication using SSL
One-year PKI Generated Key certificate End-user client authentication, with the ability to recover lost private keys
One-year PKI S/MIME browser certificate Browser-based e-mail encryption
Two-year PKI browser certificate for authenticating to z/OS End-user client authorization using SSL when logging onto z/OS
Two-year PKI Windows Logon certificate Logon to Windows
Five-year PKI SSL server certificate SSL Web server certification
Five-year PKI IPSEC server (firewall) certificate Firewall server identification and key exchange
Five-year PKI intermediate CA certificate Subordinate (non-self-signed) Certificate Authority certification
Five-year SCEP certificate - Pregistration Preregister a user or device for a SCEP certificate
One-year SAF browser certificate End-user client authentication where RACF (not PKI Services) is the certificate provider
One-year SAF server certificate Web server SSL certification where RACF (not PKI Services) is the certificate provider

Contact IBM

Browse z/OS