Creating and maintaining digital certificates

Digital certificates are used for identifying either end of an SSL connection and contain information required to establish trust.

A digital certificate is a digitally signed data structure that binds a public key to the identity of the private key's owner. The use of digital certificates ensures that the user of a public key can be confident of the ownership of the corresponding private key. If you intend to use SSL, you must always configure server authentication.

Server authentication tasks (mandatory for SSL)

  1. Create a self-signed CA certificate on your Server, or send a certificate request to an external CA and have it signed by them.
  2. Generate a personal certificate on the Server and sign it with your CA certificate.
  3. Export the personal certificate to a file on your Server.
  4. Transfer the file to your Client.
  5. Create a keystore/key ring on your Client and import the server personal certificate from the file into it.
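
The server authentication steps above, run end to end with keytool, as an added example that is not part of the original page. The aliases, file names, distinguished names and password are constructed placeholders, one directory stands in for both the Server and the Client, and OpenJDK-style keytool options are assumed.

```shell
#!/bin/sh
# Server authentication steps 1-5 with keytool (added example).
# Aliases, DNs, file names and the password are constructed placeholders.
set -eu
PW='example-only-pw'                      # constructed; never a real secret
OPTS="-storetype PKCS12 -storepass $PW"   # unquoted on purpose: splits into flags

make_server_trust() {
    d=$1   # empty working directory standing in for both machines
    # Step 1: self-signed CA certificate (bc:c sets the CA basic constraint).
    keytool -genkeypair -alias exampleca -keyalg RSA -keysize 2048 -validity 365 \
        -dname "CN=Example Test CA" -ext bc:c -keystore "$d/ca.p12" $OPTS
    keytool -exportcert -rfc -alias exampleca -file "$d/ca.cer" \
        -keystore "$d/ca.p12" $OPTS
    # Step 2: server key pair, certificate request, signature by the CA key.
    keytool -genkeypair -alias server -keyalg RSA -keysize 2048 \
        -dname "CN=server.example.test" -keystore "$d/server.p12" $OPTS
    keytool -certreq -alias server -file "$d/server.csr" \
        -keystore "$d/server.p12" $OPTS
    keytool -gencert -rfc -alias exampleca -validity 180 \
        -ext san=dns:server.example.test \
        -infile "$d/server.csr" -outfile "$d/server-signed.cer" \
        -keystore "$d/ca.p12" $OPTS
    # The CA certificate is imported first so the signed reply chains to it.
    keytool -importcert -noprompt -alias exampleca -file "$d/ca.cer" \
        -keystore "$d/server.p12" $OPTS
    keytool -importcert -noprompt -alias server -file "$d/server-signed.cer" \
        -keystore "$d/server.p12" $OPTS
    # Step 3: export the certificate only; the private key stays in server.p12.
    keytool -exportcert -rfc -alias server -file "$d/server.cer" \
        -keystore "$d/server.p12" $OPTS
    # Step 4 (transfer) is a file copy to the client; the file holds no secret.
    # Step 5: new client keystore holding the server certificate as trusted.
    keytool -importcert -noprompt -alias server -file "$d/server.cer" \
        -keystore "$d/client.p12" $OPTS
    # Show the signature algorithm and SHA-256 fingerprint of what was imported.
    keytool -list -v -alias server -keystore "$d/client.p12" $OPTS | grep 'SHA256'
}

# Run only when a working directory is given: sh script.sh /path/to/empty/dir
[ "$#" -eq 0 ] || make_server_trust "$1"
```

Compare the printed SHA-256 fingerprint with the one read from the Server's own keystore before relying on the imported certificate.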

Client authentication tasks (optional for SSL)

  1. Create a self-signed CA certificate on your Client, or send a certificate request to an external CA and have it signed by them.
  2. Generate a personal certificate on the Client and sign it with your CA certificate.
  3. Export the personal certificate to a file on your Client.
  4. Transfer the file to your Server.
  5. Import the Server personal certificate to the Client.

Tools for working with digital certificates

Use these tools to work with digital certificates in different scenarios:

The keytool utility is a command line tool; iKeyman is a graphical tool. iKeyman and iKeytool are shipped in both the JRE and SDK packages.


Last updated: Tuesday, 19 November 2013


https://ut-ilnx-r4.hursley.ibm.com/tg_latest/help/topic/com.ibm.cics.tg.doc//ctgunx/ikeyman_jsse.html