Skip to Main Content
IBM Z Hardware and Operating Systems Ideas Portal


This is the public portal for all IBM Z Hardware and Operating System related offerings. To view all of your ideas submitted to IBM, create and manage groups of Ideas, or create an idea explicitly set to be either visible by all (public) or visible only to you and IBM (private), use the IBM Unified Ideas Portal (https://ideas.ibm.com).


Shape the future of IBM!

We invite you to shape the future of IBM, including product roadmaps, by submitting ideas that matter to you the most. Here's how it works:

Search existing ideas

Start by searching and reviewing ideas and requests to enhance a product or service. Take a look at ideas others have posted, and add a comment, vote, or subscribe to updates on them if they matter to you. If you can't find what you are looking for,

Post your ideas
  1. Post an idea.

  2. Get feedback from the IBM team and other customers to refine your idea.

  3. Follow the idea through the IBM Ideas process.


Specific links you will want to bookmark for future use

Welcome to the IBM Ideas Portal (https://www.ibm.com/ideas) - Use this site to find out additional information and details about the IBM Ideas process and statuses.

IBM Unified Ideas Portal (https://ideas.ibm.com) - Use this site to view all of your ideas, create new ideas for any IBM product, or search for ideas across all of IBM.

ideasibm@us.ibm.com - Use this email to suggest enhancements to the Ideas process or request help from IBM for submitting your Ideas.

Status Not under consideration
Workspace z/OS
Categories RACF
Created by Guest
Created on Feb 22, 2019

Request for change to Management of PKCS11 tokens ICSF panel

We are trying to setup on a z/OS LPAR a client-server platform (e.g. Pcomm client to TN3270 server or browser to HTTP server) fully compliant with FIPS 140-2 requirements.

To accomplish this task, all TCP/IP AT-TLS policies, security levels and cipher suites involved in secure communications toward services exposed by this LPAR have benn updated to meet FIPS 140-2 requirements, and specifically for these secure connections has been created via RACF some PKCS #11 certificates.

We discovered that the attribute FIPS140 in the private key of the certificate (CKA_IBM_FIPS140)
can not be passed by using RACDCERT racf command, so it is taken its default value that is FALSE.

Unfortunately this specific field can not be updated neither through the "PKCS11 Token Browser Utility" of the Integrated Cryptographic Service Facility.
Indeed, if we navigate from "Management of PKCS11 tokens" utility to "Private Key Object Details" panel, we see that the FIPS140 field is set to FALSE and cannot be changed to TRUE through this panel (see attached image Private_Key_Object_Details.jpg).

So it should be highly advisable a change to this specific panel of ICSF to allow to modify the FIPS140 field of the private key of a PKCS #11 certificate from FALSE to TRUE.

Idea priority Medium
  • Guest
    Reply
    |
    Jan 31, 2024
    This item is a valid requirement but unlikely to be given high enough priority to be placed into the product plan. If this requirement is high value, please re-open it, or open a new requirement.
  • Guest
    Reply
    |
    May 6, 2019

    Hi Dan, we received two emails referring to the CSE rfe,
    "ICSF - PKCS11 Token Browser Utility status has changed to Will not implement" we cannot understand the reason having exhaustively detailed the customer request.
    could you please help us understand?
    furthermore it is related to another RFE that has nothing to do ... why ??
    I thank you for your cooperation

  • Guest
    Reply
    |
    Mar 7, 2019

    Due to processing by IBM, this request was reassigned to have the following updated attributes:
    Brand - Servers and Systems Software
    Product family - z Systems Software
    Product - z/OS
    Component - RACF
    Operating system - IBM z/OS
    Source - Client

    For recording keeping, the previous attributes were:
    Brand - Servers and Systems Software
    Product family - z Systems Software
    Product - z/OS
    Component - ICSF
    Operating system - IBM z/OS
    Source - Client

  • Guest
    Reply
    |
    Feb 22, 2019

    Attachment (Use case): screenshot of " Private Key Object Details " panel