Implementing PKI Services on z/OS / / [Chris Rayns ... et al.]
(Visualizza in formato marc)
(Visualizza in BIBFRAME)
| Titolo: |
Implementing PKI Services on z/OS / / [Chris Rayns ... et al.]
|
| Pubblicazione: | [S.l.], : IBM, International Technical Support Organization, c2004 |
| Edizione: | 1st ed. |
| Descrizione fisica: | xii, 346 p. : ill |
| Disciplina: | 005.8 |
| Soggetto topico: | Public key infrastructure (Computer security) |
| Computer networks - Security measures | |
| Altri autori: |
RaynsChris
|
| Note generali: | "February 2004." |
| Nota di contenuto: | Front cover -- Contents -- Notices -- Trademarks -- Preface -- The team that wrote this redbook -- Become a published author -- Comments welcome -- Chapter 1. Security Server PKI Services -- 1.1 Overview of digital certificate -- 1.2 The PKIX standards -- 1.2.1 CA hierarchy -- 1.2.2 The X.509 certificate and Certificate Revocation List -- 1.2.3 The x.509 v3 certificate extension fields -- 1.2.4 Certificate and CRL appearance -- 1.3 The z/OS PKI Services -- 1.3.1 Security Server PKI Services in z/OS -- 1.3.2 Prerequisite products -- 1.3.3 Requests supported by z/OS PKI Services -- 1.3.4 Browser and server certificates -- 1.3.5 The z/OS PKI Services architecture -- 1.4 Security Server PKI Services enhancement in z/OS V1R4 -- 1.4.1 Sysplex support -- 1.4.2 Event notification via e-mail -- 1.4.3 Additional distinguished name qualifier support -- 1.4.4 LDAP password encryption -- 1.4.5 PKCS#7 certificate chain support -- 1.4.6 Key generation via PCICC -- 1.4.7 Additional default CERTAUTH -- 1.4.8 Summary of z/OS PKI external characteristics as of z/OS V1R4 -- Chapter 2. RACF for PKI Services -- 2.1 Introduction to creating an RACF environment for new products -- 2.1.1 RACF group structure -- 2.1.2 Machine user IDs -- 2.1.3 System data set profiles -- 2.1.4 Ownership -- 2.2 New RACF features -- 2.2.1 Access control lists -- 2.2.2 Automatic assignment of UID/GID -- 2.3 Setting up RACF environment for PKI prerequisites -- 2.3.1 z/OS UNIX level security -- 2.3.2 RACF for Web server -- 2.3.3 RACF for OCSF and OCEP -- 2.3.4 RACF for LDAP -- 2.3.5 RACF for ICSF -- 2.4 Setting up the RACF environment for PKI Services -- 2.4.1 Add RACF groups for PKI Services -- 2.4.2 Adding RACF user IDs for PKI Services -- 2.4.3 Adding PKI data set profiles -- 2.4.4 Using RACF to create certificates -- 2.4.5 Daemon and server control for PKI user ID and surrogate user ID. |
| 2.4.6 Allow PKI user ID to act as CA -- 2.4.7 Allow Web server to access its own key ring -- 2.4.8 Allow Web server user ID to switch identity to surrogate user ID -- 2.4.9 Profile for PKI Services procedure in class STARTED -- 2.4.10 Allow access for PKISTU to OCSF -- 2.4.11 ICSF -- 2.4.12 Protect certificate functions -- 2.5 RACF administration for PKI Services -- 2.5.1 Creating a help desk function -- 2.5.2 Administering certificates with the HostIdMappings extension -- 2.5.3 Display your PKI Services certificates -- 2.5.4 Establishing PKI Services as intermediate certificate authority -- 2.5.5 Renewing your PKI Services CA certificate -- 2.5.6 Recovering a CA certificate profile -- 2.5.7 Controlling applications that call R_PKIServ -- 2.5.8 Using encrypted passwords for LDAP servers -- 2.5.9 Register a Personal Certificate with RACF -- Chapter 3. Easy steps to get PKI up and running -- 3.1 Preparing the PKI Server installation -- 3.1.1 Steps to set up the PKI server -- 3.2 Prepare and configure the environment -- 3.3 Setting up the Web servers for PKI -- 3.3.1 Why do we need two Web servers? -- 3.3.2 Setting up the Web server as a secure Web server -- 3.3.3 Customizing the Web server for SSL -- 3.3.4 Customizing the first Web server for PKI -- 3.3.5 Customizing the second Web server for PKI -- 3.4 Setting up the LDAP server for PKI -- 3.4.1 LDAP setup: running the ldapcnf utility -- 3.5 Setting up the PKI Services task -- 3.6 Configure OCSF and OCEP to work with PKI Services -- 3.7 Configure the PKI Services -- 3.7.1 Set up the environment variables for PKI Services -- 3.7.2 Customizing the PKI Services configuration file -- 3.7.3 Customizing the PKI template -- 3.8 Checking the VSAM data set -- Chapter 4. Customizing the z/OS PKI Services: the template file -- 4.1 The template file, CGI, and the Web end user -- 4.1.1 The template file sections. | |
| 4.1.2 The CGI modules -- 4.1.3 Relationship between CGI modules and Web user templates -- 4.1.4 An example of simple customization of the template file -- 4.2 Structure of the template file for interaction with the PKI Administrator -- 4.2.1 The CGI modules -- 4.2.2 Customization of the administration Web pages -- 4.2.3 PKI administrator e-mail address -- 4.2.4 PKI Services certification policy -- 4.2.5 Link to PKI Services from your home page -- 4.2.6 Certificate authentication for administrators -- Chapter 5. PKI Installation using the IKYSETUP REXX exec -- 5.1 IKYSETUP overview -- 5.2 IKYSETUP variables -- 5.2.1 Compulsory changes to IKYSETUP -- 5.2.2 Probable changes to IKYSETUP -- 5.2.3 Optional changes to IKYSETUP -- Chapter 6. PKI Exit -- 6.1 PKI Exit main routine -- 6.2 Steps for installing and modifying the exit code sample -- 6.3 Test for scenario 1 -- Chapter 7. PKI Services and the Cryptographic Coprocessor -- 7.1 Introduction to Cryptography Solution on S/390 - zSeries -- 7.1.1 Cryptographic Coprocessor Feature (CCF) -- 7.1.2 PCI Cryptographic Coprocessor (PCICC) -- 7.1.3 PCI Cryptographic Accelerator (PCICA) -- 7.1.4 Assigning coprocessors to an LPAR -- 7.2 Cryptographic solution on z990 -- 7.2.1 CP Assist for Cryptographic Function -- 7.2.2 PCI Extended Cryptographic Coprocessor -- 7.2.3 Software requirements -- 7.3 Integrated Cryptographic Services Facility -- 7.3.1 CKDS and PKDS -- 7.3.2 Controlling access to ICSF resources -- 7.4 Boosting SSL connection with hardware encryption -- 7.4.1 Secure Sockets Layer (SSL) -- 7.4.2 IBM HTTP Server accessing the cryptographic coprocessor -- 7.4.3 Checking hardware encryption for Web server encryption -- 7.5 Keeping your CA signature key secure with ICSF -- 7.5.1 RACF taking advantage of ICSF -- 7.6 Sharing PKDS in a sysplex environment -- Chapter 8. LDAP enhancements for availability. | |
| 8.1 Optional LDAP enhancements for availability -- 8.1.1 Redundancy -- Appendix A. PKI Exit sample -- Appendix B. List of sample files provided with PKI Services -- httpd.conf sample for PKI Web server 1 -- httpd.envvars sample for the PKI Web server -- httpd.conf sample for PKI Web server 2 -- pkiserv.conf -- pkiserv.envars -- pkiserv.tmpl -- PKI Services subcomponents and message levels -- JCL samples -- Related publications -- IBM Redbooks -- Other publications -- Online resources -- How to get IBM Redbooks -- Index -- Back cover. | |
| Titolo autorizzato: | Implementing PKI Services on z |
| Formato: | Materiale a stampa  |
| Livello bibliografico | Monografia |
| Lingua di pubblicazione: | Inglese |
| Record Nr.: | 9910824358303321 |
| Lo trovi qui: | Univ. Federico II |
| Opac: | Controlla la disponibilità qui |
Serie:
IBM redbooks.