<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow" />
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<meta name="DC.Type" content="concept" />
<meta name="DC.Title" content="Store certificate keys on an IBM Cryptographic Coprocessor" />
<meta name="abstract" content="Review this information to learn how to use an installed coprocessor to provide more secure storage for your certificates' private keys." />
<meta name="description" content="Review this information to learn how to use an installed coprocessor to provide more secure storage for your certificates' private keys." />
<meta name="DC.Relation" scheme="URI" content="rzahurzahumanagedcm.htm" />
<meta name="DC.Relation" scheme="URI" content="rzahuhwkeystorageoncard.htm" />
<meta name="DC.Relation" scheme="URI" content="rzahuhwassiststorage.htm" />
<meta name="DC.Relation" scheme="URI" content="rzahucryptocardconcept.htm" />
<meta name="copyright" content="(C) Copyright IBM Corporation 2000, 2006" />
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 2000, 2006" />
<meta name="DC.Format" content="XHTML" />
<meta name="DC.Identifier" content="rzahucrp1_create_cert_on_hw" />
<meta name="DC.Language" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
<link rel="stylesheet" type="text/css" href="./ic.css" />
<title>Store certificate keys on an IBM Cryptographic Coprocessor</title>
</head>
<body id="rzahucrp1_create_cert_on_hw"><a name="rzahucrp1_create_cert_on_hw"><!-- --></a>
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
<h1 class="topictitle1">Store certificate keys on an IBM Cryptographic Coprocessor</h1>
<div><p>Review this information to learn how to use an installed coprocessor
to provide more secure storage for your certificates' private keys.</p>
<p>If you have installed an <a href="../rzajc/rzajcoverview.htm">IBM<sup>®</sup> Cryptographic
Coprocessor</a> on your system, you can use the coprocessor to provide
more secure storage for a certificate's private key. You can use the coprocessor
to store the private key for a server certificate, a client certificate, or
a local Certificate Authority (CA) certificate. However, you cannot use the
coprocessor for storing a user certificate private key because this key must
be stored on the user's system. Also, you cannot use the coprocessor to store
the private key for an object signing certificate at this time.</p>
<div class="p">You can use the coprocessor for certificate private key storage in one
of two ways: <ul><li>Storing the certificate private key directly on the coprocessor itself.</li>
<li>Using the coprocessor master key to encrypt the certificate private key
for storage in a special key file.</li>
</ul>
</div>
<p>You can select this key storage option as part of the process of creating
or renewing a certificate. Also, if you use the coprocessor to store a certificate's
private key, you can change the coprocessor device assignment for that key.</p>
<p>To use the coprocessor for private key storage, you must ensure that the
coprocessor is varied on before using Digital Certificate Manager (DCM). Otherwise,
DCM will not provide a page for selecting a storage option as part of the
certificate creation or renewal process.</p>
<p>If you are creating or renewing a server or client certificate, you select
the private key storage option after you select the type of CA that is signing
the current certificate. If you are creating or renewing a local CA, you select
the private key storage option as the first step in the process.</p>
</div>
<div>
<ul class="ullinks">
<li class="ulchildlink"><strong><a href="rzahuhwkeystorageoncard.htm">Store the certificate private key directly on the coprocessor</a></strong><br />
For extra security to protect access to and use of a certificate's
private key, you can choose to store the key directly on an IBM Cryptographic
Coprocessor. You can select this key storage option as part of creating or
renewing a certificate in Digital Certificate Manager (DCM).</li>
<li class="ulchildlink"><strong><a href="rzahuhwassiststorage.htm">Use the coprocessor master key to encrypt the certificate private key</a></strong><br />
For extra security to protect access to and use of a certificate's
private key, you can use the master key of an IBM Cryptographic Coprocessor to encrypt
the private key and store the key in a special key file. You can select this
key storage option as part of creating or renewing a certificate in Digital
Certificate Manager (DCM).</li>
</ul>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzahurzahumanagedcm.htm" title="Use this information to learn how to use DCM to manage your certificates and the applications that use them. Also, you can learn about how to digitally sign objects and how to create and operate your own Certificate Authority.">Manage DCM</a></div>
</div>
<div class="relconcepts"><strong>Related concepts</strong><br />
<div><a href="rzahucryptocardconcept.htm" title="The cryptographic coprocessor provides proven cryptographic services, ensuring privacy and integrity, for developing secure e-business applications.">IBM Cryptographic Coprocessors for iSeries</a></div>
</div>
</div>
</body>
</html>