We use it here extensively.

1) Setup is not horrible, hardest part was getting the HTTP server setup correctly. LDAP is not required. We have 3 or 4 PKI servers on the mainframe due to certificate hierarchies. Each instance has a PKI address space, and two http servers.
2) don't know.
3) don't know
4) don't know, we use IBM PKI services on the mainframe. And, pretty sure it is a no charge item.

Ours is architected like this:

ROOT server:
- root pki daemon
- root certificate authority client interface
- root certificate authority Admin interface

Intermediate server:
- Intermediate pki daemon
- intermediate cert auth client interface
- intermediate cert auth admin interface

Intermediate non-prod server:
- Intermediate non-prod pki daemon
- intermediate non-prod cert auth client interface
- intermediate non-prod cert auth admin interface

The root server basically creates one cert in its lifetime. Most of the work occurs in the intermediate server. Certs created in the intermediate are signed by the root certificate.

As for the http servers, we tried to combine client and admin interfaces into the same server, but could never get it to work correctly, so we just put up separate instances. All of these are on different ports.

_________________________________________________________________
Dave Jousma
Assistant Vice President, Mainframe Engineering
david.jou...@53.com
1830 East Paris, Grand Rapids, MI 49546 MD RSCB2H
p 616.653.8429
f 616.653.2717

-----Original Message-----
From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf Of Dazzo, Matt
Sent: Thursday, October 30, 2014 3:18 PM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: PKI Services for z/OS

We are starting to look at certificate management, I was wondering how many folks were using PKI Services for z/OS? At this time I do not have any details or security requirements other than web based and runs on z/OS. Hey we are a little biased in getting or keeping applications on z/OS. Following are some additional questions if you have the time.

1. How is the install of PKI and setup to do, I read that LDAP is required how is that to install?
2. Does a vendor product offer simpler installation and setup?
3. Does a vendor product offer more features?
4. What vendor products are most common?

Thanks,
Matt

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN