Key Database

This section is required if you are running Top Secret or ACF2 and must create a key database.

Note: If you are running RACF, you must use the RACF RACDCERT command to create your certificate ring file.

For more information on using the gskkyman utility, you can review this IBM document: SC24-5877 OS/390 Cryptographic Services System Secure Sockets Layer Programming Guide and Reference.

To make it easier to execute the gskkyman utility, you can copy the KEYMAN exec in the platform server EXEC library to the HFS system.

The following command can be used to copy the member to your HFS home directory:

OPUTX 'FUSION.EXEC(KEYMAN)' /u/userid LC MODE(733)

The /u/userid field must be changed to the directory where you want to add the exec. The MODE(733) assigns read/write/execute privileges to your user ID, and read/execute privileges to all other users. You can set this field as you want.

See the following copy of the exec that can be used to execute the KEYMAN utility:

#  Run SSL Key Manager Program               
export LIBPATH=$LIBPATH:.:/usr/lpp/gskssl/lib
export PATH=$PATH:.:/usr/lpp/gskssl/bin      
export STEPLIB=$STEPLIB:CDS.SGSKLOAD         
gskkyman $1 $2 $3                            
exit

The library specified is CDS.SGSKLOAD. This version is valid for OS/390 version 2.7. The data set name for other versions might be different. If this data set is not found, try using GSK.SGSKLOAD.

Contents

Index

Search Results

Key Database