Skip to main content

 
IBM Systems  > Mainframe servers  > Operating systems  > 

PKI Services for z/OS

Supported Certificate Fields and Extensions

  
Overview Components Standards Additional Information
Public Keys   |   Certificate Types   |   Fields & Extensions
PKI Services certificates support most of the fields and extensions defined in the X.509 version 3 (X.509v3) standard. This support lets you use these certificates for most cryptographic purposes, such as SSL, IPSEC, VPN, and S/MIME.

PKI Services certificates can include the following types of extensions:

Standard extensions

  • The standard X.509v3 certificate extensions:
    • authority key identifier
    • authority information access
    • basic constraints
    • certificate policies
    • certificate revocation list (CRL) distribution points
    • extended key usage
    • key usage
    • subject alternate name
    • subject key identifier

Custom extensions

PKI Services supports the use of customized extensions. Any extension can be includes in a certificate that is in the following form:

Extension ::= SEQUENCE {
                        extnID OBJECT IDENTIFIER,
                        critical BOOLEEAN DEFAULT FALSE,
                        extnValue OCTET STRING
                       }

Other extensions

Extensions that are unique to PKI Services, such as host identity mapping. This extension associates the subject of a certificate with a corresponding identity on a host system, such as with a RACF user ID.

 


 
We're here to help
Easy ways to get the answers you need..