Use this page to manage existing writable System Authorization Facility (SAF) keyrings on the z/OS platform.
To view this administrative console page, click Security > SSL certificate and key management. Under Configuration settings, click Manage endpoint security configurations > {Inbound | Outbound} > ssl_configuration. Under Related Items, click Key stores and certificates. Click an existing keystore. Under Writable SAF Keyrings, click Control region keyring to manage the control region keyring information or click Servant region keyring to manage the servant region keyring information.
Specifies the unique name to identify the writable SAF keyring. The name is the name of the keystore specified on the create command, and it corresponds either to the keyring owned by the RACF ID of the control region process or to the keyring owned by the RACF ID of the servant region process. The name is <your_keystore_name>-CR for the control region user and <your_keystore_name>-SR for the servant region user.
Data type: Text
Specifies the description of the writable SAF keyring (either the control region keyring or the servant region keyring).
Data type: Text
Specifies the management scope associated with the writable SAF keyring. These keystores are created in the same scope as <your_keystore_name> and can be accessed from the administrative console from the <your_keystore_name> collection panel.
Data type: Text
Specifies the location of the keyring file in the format needed by the keystore type. The location is a URL of the form safkeyring:///your_keyring_name.
Data type: Text
Specifies the password used to protect the keystore. For the default keyring (names ending in DefaultKeyStore or DefaultTrustStore) with which this keyring is associated, the password is WebAS. This default password must be changed.
Data type: Text
Specifies the implementation for keyring management. This value defines the tool that operates on this keyring type. For a writable SAF keyring, the type is JCERACFKS and the tool that operates on the keyring is RACF.
Data type: Text
Specifies whether the writable SAF keyring can be written to or not. If the keyring cannot be written to, certain operations cannot be performed, such as creating or importing certificates.
Default: Disabled
Specifies whether the writable keyring needs to be initialized before it can be used for cryptographic operations. If enabled, the keyring is initialized at server startup.
Default: Disabled
Specifies whether a hardware cryptographic device is used for cryptographic operations only. Operations that require a login are not supported when using this option.
Default: Disabled
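The name, path, password and type settings described above can be checked together when reviewing a configuration. The following is an added example, not IBM code: the dictionary layout, the function names and the sample records are assumptions constructed for illustration, with the password held in clear text.

```python
from urllib.parse import urlsplit

DEFAULT_PASSWORD = "WebAS"        # default keyring password named on this page
EXPECTED_TYPE = "JCERACFKS"       # type this page gives for writable SAF keyrings
REGION_SUFFIXES = ("-CR", "-SR")  # control region / servant region


def audit_keyring(entry, keystore_name):
    """Return findings for one keyring record (hypothetical dict layout)."""
    findings = []
    if entry.get("name") not in [keystore_name + s for s in REGION_SUFFIXES]:
        findings.append("name is not <your_keystore_name>-CR or -SR")

    # safkeyring:///ring parses as scheme, empty authority, path "/ring"
    url = urlsplit(entry.get("path", ""))
    ring = url.path[1:] if url.path.startswith("/") else ""
    if url.scheme != "safkeyring" or url.netloc or not ring or "/" in ring:
        findings.append("path is not safkeyring:///your_keyring_name")

    if entry.get("password") == DEFAULT_PASSWORD:
        findings.append("password is still the default")

    if entry.get("type") != EXPECTED_TYPE:
        findings.append("type is not " + EXPECTED_TYPE)
    return findings


def audit_all(records, keystore_name):
    """Audit every record; returns a list of (name, findings) pairs."""
    return [(r.get("name"), audit_keyring(r, keystore_name)) for r in records]


# Constructed sample records, not exported from a real cell.
SAMPLE = [
    {"name": "NodeDefaultKeyStore-CR", "path": "safkeyring:///WASKeyring.CR",
     "password": "WebAS", "type": "JCERACFKS"},
    {"name": "NodeDefaultKeyStore-SR", "path": "safkeyring://WASKeyring.SR",
     "password": "constructed-Pw-1", "type": "JCEKS"},
    {"name": "NodeDefaultKeyStore-SR", "path": "safkeyring:///WASKeyring.SR",
     "password": "constructed-Pw-2", "type": "JCERACFKS"},
]

if __name__ == "__main__":
    for name, findings in audit_all(SAMPLE, "NodeDefaultKeyStore"):
        print(name, "->", findings or "ok")
```

The path check enforces only the URL form given on this page, so the second record is flagged because its two-slash URL places the keyring name in the authority position.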