LEADER 07832nam 2200565Ia 450
001 9910824358303321
005 20200520144314.0
035 $a(CKB)1000000000243524
035 $a(SSID)ssj0000280649
035 $a(PQKBManifestationID)11228874
035 $a(PQKBTitleCode)TC0000280649
035 $a(PQKBWorkID)10291200
035 $a(PQKB)11352891
035 $a(MiAaPQ)EBC3306877
035 $a(Au-PeEL)EBL3306877
035 $a(CaPaEBR)ebr10113039
035 $a(OCoLC)137342311
035 $a(EXLCZ)991000000000243524
100 $a20040407d2004 uy 0
101 0 $aeng
135 $aurcn|||||||||
181 $ctxt
182 $cc
183 $acr
200 00$aImplementing PKI Services on z/OS /$f[Chris Rayns ... et al.]
205 $a1st ed.
210 $a[S.l.] $cIBM, International Technical Support Organization$dc2004
215 $axii, 346 p. $cill
225 1 $aIBM redbooks
300 $a"February 2004."
311 $a0-7384-9874-2
327 $aFront cover -- Contents -- Notices -- Trademarks -- Preface -- The team that wrote this redbook -- Become a published author -- Comments welcome -- Chapter 1. Security Server PKI Services -- 1.1 Overview of digital certificate -- 1.2 The PKIX standards -- 1.2.1 CA hierarchy -- 1.2.2 The X.509 certificate and Certificate Revocation List -- 1.2.3 The x.509 v3 certificate extension fields -- 1.2.4 Certificate and CRL appearance -- 1.3 The z/OS PKI Services -- 1.3.1 Security Server PKI Services in z/OS -- 1.3.2 Prerequisite products -- 1.3.3 Requests supported by z/OS PKI Services -- 1.3.4 Browser and server certificates -- 1.3.5 The z/OS PKI Services architecture -- 1.4 Security Server PKI Services enhancement in z/OS V1R4 -- 1.4.1 Sysplex support -- 1.4.2 Event notification via e-mail -- 1.4.3 Additional distinguished name qualifier support -- 1.4.4 LDAP password encryption -- 1.4.5 PKCS#7 certificate chain support -- 1.4.6 Key generation via PCICC -- 1.4.7 Additional default CERTAUTH -- 1.4.8 Summary of z/OS PKI external characteristics as of z/OS V1R4 -- Chapter 2. RACF for PKI Services -- 2.1 Introduction to creating an RACF environment for new products -- 2.1.1 RACF group structure -- 2.1.2 Machine user IDs -- 2.1.3 System data set profiles -- 2.1.4 Ownership -- 2.2 New RACF features -- 2.2.1 Access control lists -- 2.2.2 Automatic assignment of UID/GID -- 2.3 Setting up RACF environment for PKI prerequisites -- 2.3.1 z/OS UNIX level security -- 2.3.2 RACF for Web server -- 2.3.3 RACF for OCSF and OCEP -- 2.3.4 RACF for LDAP -- 2.3.5 RACF for ICSF -- 2.4 Setting up the RACF environment for PKI Services -- 2.4.1 Add RACF groups for PKI Services -- 2.4.2 Adding RACF user IDs for PKI Services -- 2.4.3 Adding PKI data set profiles -- 2.4.4 Using RACF to create certificates -- 2.4.5 Daemon and server control for PKI user ID and surrogate user ID.
327 $a2.4.6 Allow PKI user ID to act as CA -- 2.4.7 Allow Web server to access its own key ring -- 2.4.8 Allow Web server user ID to switch identity to surrogate user ID -- 2.4.9 Profile for PKI Services procedure in class STARTED -- 2.4.10 Allow access for PKISTU to OCSF -- 2.4.11 ICSF -- 2.4.12 Protect certificate functions -- 2.5 RACF administration for PKI Services -- 2.5.1 Creating a help desk function -- 2.5.2 Administering certificates with the HostIdMappings extension -- 2.5.3 Display your PKI Services certificates -- 2.5.4 Establishing PKI Services as intermediate certificate authority -- 2.5.5 Renewing your PKI Services CA certificate -- 2.5.6 Recovering a CA certificate profile -- 2.5.7 Controlling applications that call R_PKIServ -- 2.5.8 Using encrypted passwords for LDAP servers -- 2.5.9 Register a Personal Certificate with RACF -- Chapter 3. Easy steps to get PKI up and running -- 3.1 Preparing the PKI Server installation -- 3.1.1 Steps to set up the PKI server -- 3.2 Prepare and configure the environment -- 3.3 Setting up the Web servers for PKI -- 3.3.1 Why do we need two Web servers? -- 3.3.2 Setting up the Web server as a secure Web server -- 3.3.3 Customizing the Web server for SSL -- 3.3.4 Customizing the first Web server for PKI -- 3.3.5 Customizing the second Web server for PKI -- 3.4 Setting up the LDAP server for PKI -- 3.4.1 LDAP setup: running the ldapcnf utility -- 3.5 Setting up the PKI Services task -- 3.6 Configure OCSF and OCEP to work with PKI Services -- 3.7 Configure the PKI Services -- 3.7.1 Set up the environment variables for PKI Services -- 3.7.2 Customizing the PKI Services configuration file -- 3.7.3 Customizing the PKI template -- 3.8 Checking the VSAM data set -- Chapter 4. Customizing the z/OS PKI Services: the template file -- 4.1 The template file, CGI, and the Web end user -- 4.1.1 The template file sections.
327 $a4.1.2 The CGI modules -- 4.1.3 Relationship between CGI modules and Web user templates -- 4.1.4 An example of simple customization of the template file -- 4.2 Structure of the template file for interaction with the PKI Administrator -- 4.2.1 The CGI modules -- 4.2.2 Customization of the administration Web pages -- 4.2.3 PKI administrator e-mail address -- 4.2.4 PKI Services certification policy -- 4.2.5 Link to PKI Services from your home page -- 4.2.6 Certificate authentication for administrators -- Chapter 5. PKI Installation using the IKYSETUP REXX exec -- 5.1 IKYSETUP overview -- 5.2 IKYSETUP variables -- 5.2.1 Compulsory changes to IKYSETUP -- 5.2.2 Probable changes to IKYSETUP -- 5.2.3 Optional changes to IKYSETUP -- Chapter 6. PKI Exit -- 6.1 PKI Exit main routine -- 6.2 Steps for installing and modifying the exit code sample -- 6.3 Test for scenario 1 -- Chapter 7. PKI Services and the Cryptographic Coprocessor -- 7.1 Introduction to Cryptography Solution on S/390 - zSeries -- 7.1.1 Cryptographic Coprocessor Feature (CCF) -- 7.1.2 PCI Cryptographic Coprocessor (PCICC) -- 7.1.3 PCI Cryptographic Accelerator (PCICA) -- 7.1.4 Assigning coprocessors to an LPAR -- 7.2 Cryptographic solution on z990 -- 7.2.1 CP Assist for Cryptographic Function -- 7.2.2 PCI Extended Cryptographic Coprocessor -- 7.2.3 Software requirements -- 7.3 Integrated Cryptographic Services Facility -- 7.3.1 CKDS and PKDS -- 7.3.2 Controlling access to ICSF resources -- 7.4 Boosting SSL connection with hardware encryption -- 7.4.1 Secure Sockets Layer (SSL) -- 7.4.2 IBM HTTP Server accessing the cryptographic coprocessor -- 7.4.3 Checking hardware encryption for Web server encryption -- 7.5 Keeping your CA signature key secure with ICSF -- 7.5.1 RACF taking advantage of ICSF -- 7.6 Sharing PKDS in a sysplex environment -- Chapter 8. LDAP enhancements for availability.
327 $a8.1 Optional LDAP enhancements for availability -- 8.1.1 Redundancy -- Appendix A. PKI Exit sample -- Appendix B. List of sample files provided with PKI Services -- httpd.conf sample for PKI Web server 1 -- httpd.envvars sample for the PKI Web server -- httpd.conf sample for PKI Web server 2 -- pkiserv.conf -- pkiserv.envars -- pkiserv.tmpl -- PKI Services subcomponents and message levels -- JCL samples -- Related publications -- IBM Redbooks -- Other publications -- Online resources -- How to get IBM Redbooks -- Index -- Back cover.
410 0$aIBM redbooks.
606 $aPublic key infrastructure (Computer security)
606 $aComputer networks$xSecurity measures
615 0$aPublic key infrastructure (Computer security)
615 0$aComputer networks$xSecurity measures.
676 $a005.8
701 $aRayns$b Chris$01606602
712 02$aInternational Business Machines Corporation.$bInternational Technical Support Organization.
801 0$bMiAaPQ
801 1$bMiAaPQ
801 2$bMiAaPQ
906 $aBOOK
912 $a9910824358303321
996 $aImplementing PKI Services on z$93969647
997 $aUNINA