Usage/Exploration of ICSF services for CA LDAP Server

Document ID : KB000012350
Last Modified Date : 14/02/2018
Introduction:

LDAP and ICSF services (integrated cryptographic services)

Question:

In what respect and to what extent is CA LDAP able to make use of ICSF services (integrated cryptographic services)?

Environment:
z/OS
Answer:

CA LDAP doesn't really use any ICSF features or functionality.

CA LDAP can use digital certificates whose private key is stored in ICSF to establish an SSL connection, but it's really CA Top Secret (TSS) that uses ICSF. TSS stores the digital certificate on the security file and can keep the private key in ICSF.

CA LDAP's purpose is to communicate with CA Top Secret and CA ACF2. Think of CA LDAP as an API that a program can use to talk to security. CA LDAP doesn't do any security checks, validations or signons. CA LDAP hands off requests to TSS and processes them. CA LDAP can also be used to extract information from the security files. CA LDAP doesn't do any encryption of data. TSS does that.