Managing Digital Certificates across the Enterprise

Book description

This IBM® Redbooks® publication is the first in a series of five books that relate to the implementation and management of digital certificates that are based on a public key infrastructure. Digital certificates play a major role in the protection of data communications and their use continues to grow.

This Redbooks publication includes the following chapters:
- Chapter 1, “Digital certificates overview” provides an overview of digital certificates. It describes their purpose, gives a high-level overview of how they are created and how they relate to keys and encryption, and explains how they can be deployed into an organization.
- Chapter 2, “Digital certificate management considerations” describes the choices, and their possible effects, to consider when setting up and organizing the infrastructure and processes so that they are effective in your environments.
- Chapter 3, “Introducing z/OS PKI Services” describes how the IBM z/OS® PKI services can provide you with a cross-platform solution to manage your digital certificates and build a strong solution that uses established qualities of service.

After you read this IBM Redbooks publication, we suggest that you progress to the following materials, which we plan to make available in the second quarter of 2016:
- IBM PKI on z/OS: Quick Set up and Explore, SG24-8337
- IBM PKI on z/OS: Planning for an Operational Scenario, SG24-8340
- IBM PKI on z/OS: Deploying an Operational Scenario, SG24-8342
- IBM PKI on z/OS Reporting and Auditor Scenario, SG24-8343

Your comments are appreciated. Your feedback can help improve the quality of our Redbooks publications so other readers can gain more value from them.

Table of contents

  1. Front cover
  2. Notices
    1. Trademarks
  3. IBM Redbooks promotions
  4. Preface
    1. Authors
    2. Now you can become a published author, too!
    3. Comments welcome
    4. Stay connected to IBM Redbooks
  5. Chapter 1. Digital certificates overview
    1. 1.1 Goal
    2. 1.2 Overview
    3. 1.3 Primary question
    4. 1.4 Behind the scenes
    5. 1.5 Certificate authorities
      1. 1.5.1 Other checks for validating a digital certificate
    6. 1.6 Authentication versus authorization
    7. 1.7 Use of a digital certificate
      1. 1.7.1 Integrating certificates into applications
      2. 1.7.2 Intermediate CAs
  6. Chapter 2. Digital certificate management considerations
    1. 2.1 Goals
    2. 2.2 Using internal or external certificate authorities
      1. 2.2.1 Costs
      2. 2.2.2 Scope of use
      3. 2.2.3 Expanding scope of use
      4. 2.2.4 Compromised certificate considerations
    3. 2.3 Digital certificate lifecycle
      1. 2.3.1 Lifecycle management
    4. 2.4 Digital certificate lifecycle management considerations
      1. 2.4.1 Manual management risk
      2. 2.4.2 Request and approval policy
      3. 2.4.3 Expiration
      4. 2.4.4 Revocation
    5. 2.5 Accountability
    6. 2.6 Public Key Infrastructure
    7. 2.7 Regulatory demands
  7. Chapter 3. Introducing z/OS PKI Services
    1. 3.1 Goals
    2. 3.2 z/OS PKI Services functions
      1. 3.2.1 Certificate templates
      2. 3.2.2 Requesting or renewing certificates
      3. 3.2.3 Approving certificate requests
      4. 3.2.4 Email notifications
      5. 3.2.5 Generating certificates
      6. 3.2.6 Distributing certificates
      7. 3.2.7 Providing certificate revocation status
    3. 3.3 z/OS PKI Services elements overview
      1. 3.3.1 User interfaces
      2. 3.3.2 Query and request handlers
      3. 3.3.3 Repositories
      4. 3.3.4 Audit data and reporting opportunities
    4. 3.4 Added value of z/OS PKI Services
      1. 3.4.1 Scalability
      2. 3.4.2 Availability
      3. 3.4.3 Security
      4. 3.4.4 Cost
    5. 3.5 Certificates across the enterprise
    6. 3.6 What is next?
  8. Related publications
    1. IBM Redbooks
    2. Other publications
    3. Online resources
    4. Help from IBM
  9. Back cover

Product information

  • Title: Managing Digital Certificates across the Enterprise
  • Author(s): Keith Winnard, Martina vondem Bussche, Wai Choi, David Rossi
  • Release date: February 2016
  • Publisher(s): IBM Redbooks
  • ISBN: 9780738441504