When you initialize a PKDS for the first time, you can make
disk copies to create other PKDSs for the system. You can use
the dynamic PKDS update callable services to add or update the disk
copy of the current in-storage PKDS. For information on using the
dynamic PKDS callable services, refer to the
z/OS Cryptographic Services ICSF Application Programmer's Guide.

You can refresh the in-storage PKDS with an updated or different
disk copy of the PKDS by using these steps. You can refresh the PKDS
at any time without disrupting cryptographic functions.

Note:
- Prior to performing a local PKDS refresh, consider temporarily
disallowing PKDS write, create and delete services using the ICSF
Administrative Control Functions panel.
- If you are running either a stand-alone system or a sysplex environment,
where all ICSF instances are at FMID HCR77A0 or later, you may be
able to perform a coordinated PKDS refresh. The coordinated PKDS refresh
operation simplifies PKDS administration by automating steps from
the local PKDS refresh procedure and allowing the refresh to be initiated
from a single ICSF instance. Coordinated PKDS refresh is carried out
for all ICSF instances in the sysplex sharing the same active PKDS.
If you are in a single system environment, coordinated PKDS refresh
can still be used to automate the manual steps of a local PKDS refresh.
Refer to Performing a coordinated refresh for more information.

- Enter option 2, MASTER KEY MGMT, on the ICSF Primary Menu panel
to access the Master Key Management Panel.
- Select option 2, PKDS Master Key Management.
- Enter option 1, PKDS OPERATIONS, to access the PKDS Operations
panel.
- In the New PKDS field, specify the name of the disk copy of the
PKDS that you want ICSF to read into storage. ICSF places the disk
copy of the specified PKDS into storage. A REFRESH does not disrupt
any applications that are running on ICSF. A message that states that
the PKDS was refreshed appears on the right of the top line on the
panel.
- Press END to return to the Primary Menu panel.