Enhancements to Existing Features › Product Enhancements r15 › z/OS 1.12 Support › PKI Services
PKI Services
The R_PKIServ callable service allows applications to request the generation and retrieval of certificate and certificate requests. Support has been added for the following features for this service:
- Multiple Subject Alternate Name values support—parameters AltDomain, AltEmail, AltIPAddr, AltURI may be repeated in the CertPlist for GENCERT, REQCERT, MODIFYREQS, REQDETAILS, CERTDETAILS and VERIFY.
- Elliptic Curve Cryptography (ECC) support—z/OS 1.12 introduces certificates with the Elliptic Curve algorithm instead of the RSA or DSA algorithms. ECC is regarded by the National Security Agency (NSA) as a faster algorithm that requires a smaller key than RSA cryptography. Users can specify the size of the key in bits with the KeySize parameter. Users can also specify the algorithm of the key using the KeyAlg parameter if it is to be generated by PKI Services. Both parameters can be specified on the GENCERT and REQCERT requests.
- Custom extensions—CustomExt is a new parameter that is used to specify a customized extension in the form of a comma separated four part string. This parameter is found in the CertPlist for GENCERT, REQCERT, MODIFYREQS, REQDETAILS and CERTDETAILS.
For more information about this enhancement, see the Command Functions Guide.
Copyright © 2014 CA Technologies.
All rights reserved.
|
|