For one system to be assured that a certificate received from another system is genuine, it needs a trusted third party that can vouch for the certificate.
Certificate authorities are independent bodies that act as the trusted third parties by issuing certificates for use by others. Before issuing a certificate, a certificate authority examines the credentials of the person or organization that requested it. When the certificate has been issued, information about it is held in a publicly accessible repository. Users can consult the repository to check the status and validity of any certificates they receive.
CICS can check every certificate it receives from a client for a revoked status by using certificate revocation lists. A certificate revocation list details all the revoked certificates for a particular certificate authority. These lists are freely available to download from the Internet. If the certificate has a revoked status, CICS closes the SSL connection immediately. To find out how to set up certificate revocation lists, see Using certificate revocation lists (CRLs).
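The check described above, as an added Python example (not IBM or CICS code) that assumes the third-party `cryptography` package is installed. The CA, client certificates, CRL and all names and serial numbers are constructed for the illustration. It shows that a CRL is trusted only for the CA that issued and signed it, and that revoked certificates are matched by serial number.

```python
import datetime
from cryptography import x509
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.x509.oid import NameOID

NOW = datetime.datetime.now(datetime.timezone.utc)
DAY = datetime.timedelta(days=1)

def _name(cn):
    return x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, cn)])

def issue(subject_cn, subject_key, issuer_cn, issuer_key, serial):
    """Build a constructed test certificate signed by issuer_key."""
    return (x509.CertificateBuilder()
            .subject_name(_name(subject_cn)).issuer_name(_name(issuer_cn))
            .public_key(subject_key.public_key()).serial_number(serial)
            .not_valid_before(NOW - DAY).not_valid_after(NOW + 30 * DAY)
            .sign(issuer_key, hashes.SHA256()))

def make_crl(issuer_cn, issuer_key, revoked_serials):
    """Build a constructed CRL for one CA listing the given serial numbers."""
    builder = (x509.CertificateRevocationListBuilder()
               .issuer_name(_name(issuer_cn))
               .last_update(NOW - DAY).next_update(NOW + DAY))
    for serial in revoked_serials:
        entry = (x509.RevokedCertificateBuilder().serial_number(serial)
                 .revocation_date(NOW - DAY).build())
        builder = builder.add_revoked_certificate(entry)
    return builder.sign(issuer_key, hashes.SHA256())

def check_revocation(cert, crl, ca_cert):
    """Return 'good', 'revoked' or 'unusable-crl' for cert against one CRL."""
    # A CRL covers only its own CA's certificates, and only if that CA signed it.
    if crl.issuer != cert.issuer or not crl.is_signature_valid(ca_cert.public_key()):
        return "unusable-crl"
    # Revoked certificates are listed by serial number.
    if crl.get_revoked_certificate_by_serial_number(cert.serial_number) is not None:
        return "revoked"  # a server would close the connection at this point
    return "good"

def build_samples():
    """Constructed CA, two client certificates (serial 1002 revoked) and a CRL."""
    ca_key = ec.generate_private_key(ec.SECP256R1())
    ca = issue("Example CA", ca_key, "Example CA", ca_key, 1)
    client_key = ec.generate_private_key(ec.SECP256R1())
    good = issue("client-a", client_key, "Example CA", ca_key, 1001)
    bad = issue("client-b", client_key, "Example CA", ca_key, 1002)
    return ca_key, ca, good, bad, make_crl("Example CA", ca_key, [1002])
```

A CRL that fails the issuer or signature check says nothing about the certificate either way, so the caller has to decide how to treat `unusable-crl` rather than reading it as `good`.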