Digital certificates are used for identifying either end of an SSL connection
and contain information required to establish trust.
A digital certificate is a digitally signed data structure that
binds a public key to the identity of the private key's owner. The
use of digital certificates ensures that the user of a public key
can be confident of the ownership of the corresponding private key.
If you intend to use SSL, you must always configure server authentication.
Server authentication tasks (mandatory for SSL)
- Create a CA certificate on your Server which is self-signed, or
send a certificate request to an external CA and have it signed by
them.
- Generate a personal certificate on the Server and sign it with
your CA certificate.
- Export the personal certificate to a file on your Server.
- Transfer the file to your Client.
- Create a keystore/key ring on your Client and import the server
personal certificate from the file into it.
Client authentication tasks (optional for SSL)
- Create a CA certificate on your Client which is self-signed, or
send a certificate request to an external CA and have it signed by
them.
- Generate a personal certificate on the Client and sign it with
your CA certificate.
- Export the personal certificate to a file on your Client.
- Transfer the file to your Server.
- Import the Server personal certificate to the client's
RACF key ring or keystore.
Tools for working with digital certificates
Use these tools to work with digital certificates in different scenarios:
- Use keytool for software encryption if the key ring is stored
in zFS.
- Use hwkeytool for hardware encryption if the key ring is stored
in zFS.
- You can also use RACF for creating and maintaining certificates
and key rings