PKI Services for z/OS

Supported Certificate Fields and Extensions

PKI Services certificates support most of the fields and extensions defined in the X.509 version 3 (X.509v3) standard. This support lets you use these certificates for most cryptographic purposes, such as SSL, IPSEC, VPN, and S/MIME.

PKI Services certificates can include the following types of extensions:

Standard extensions

Custom extensions

PKI Services supports the use of customized extensions. Any extension can be includes in a certificate that is in the following form:

Extension ::= SEQUENCE {
                        extnID OBJECT IDENTIFIER,
                        critical BOOLEEAN DEFAULT FALSE,
                        extnValue OCTET STRING
                       }

Other extensions

Extensions that are unique to PKI Services, such as host identity mapping. This extension associates the subject of a certificate with a corresponding identity on a host system, such as with a RACF user ID.

Contact IBM

Browse z/OS