Keywords › ICSF Keyword—Place Private Key in ICSF
ICSF Keyword—Place Private Key in ICSF
Valid on z/OS.
Use the ICSF keyword to indicate that the generated private key is placed in ICSF. If the DSN parameter was also specified and an existing certificate is replaced, the certificate is also placed in ICSF. ICSF must be active and configured for PKA operations.
Consider the following:
- ICSF specified with ADD is ignored if no private key is involved
- If ICSF is not specified with ADD, the key is stored in the security file as a non‑ICSF key
- If ICSF is specified with ADD, but ICSF is not configured for PKA operations, the key is stored in the security file as a non‑ICSF key
- If the key is stored in ICSF, the security file stores a label (which refers to the key)
- You cannot export a certificate that has ICSF
- If the certificate's private key resides in an ICSF storage facility and the format of PKCS12DER or PKCS12B64 is specified in the TSS EXPORT command, the command is rejected
This keyword has the following format:
TSS GENCERT(acid) DIGICERT(8—byte name)
ICSF
TSS REKEY(acid) DIGICERT(8‑byte name)
DCDSN(dsname)
ICSF
This keyword is used with:
- The commands ADDTO, GENCERT, REKEY, REPLACE, and REMOVE
- The ACID types User, DCA, VCA, ZCA, LSCA, and SCA
- ACID(MAINTAIN) authority for users
- MISC4(CERTUSER) authority for user ACIDs
- MISC4(CERTSITE) authority for CERTSITE ACIDs
- MISC4(CERTAUTH) authority for CERTAUTH ACIDs
Copyright © 2009 CA.
All rights reserved.
|
|