ibm-information-center/dist/eclipse/plugins/i5OS.ic.rzahu_5.4.0.1/rzahuissuepublicusercerts.htm

92 lines
6.5 KiB
HTML
Raw Normal View History

2024-04-02 14:02:31 +00:00
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow" />
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<meta name="DC.Type" content="reference" />
<meta name="DC.Title" content="Use APIs to programmatically issue certificates to non-iSeries users" />
<meta name="abstract" content="Use this information to learn how you can use your Local CA to issue private certificates to users without associating the certificate with an iSeries user profile." />
<meta name="description" content="Use this information to learn how you can use your Local CA to issue private certificates to users without associating the certificate with an iSeries user profile." />
<meta name="DC.Relation" scheme="URI" content="rzahurzahu4anactingownca.htm" />
<meta name="DC.Relation" scheme="URI" content="rzahurzahu4afinternetvsprivcert.htm" />
<meta name="DC.Relation" scheme="URI" content="rzahurzahu4aeauthenticatewcerts.htm" />
<meta name="DC.Relation" scheme="URI" content="rzahurzahu4anactingownca.htm" />
<meta name="copyright" content="(C) Copyright IBM Corporation 2000, 2006" />
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 2000, 2006" />
<meta name="DC.Format" content="XHTML" />
<meta name="DC.Identifier" content="issuepublicusercerts" />
<meta name="DC.Language" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
<link rel="stylesheet" type="text/css" href="./ic.css" />
<title>Use APIs to programmatically issue certificates to non-iSeries users</title>
</head>
<body id="issuepublicusercerts"><a name="issuepublicusercerts"><!-- --></a>
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
<h1 class="topictitle1">Use APIs to programmatically issue certificates to non-iSeries users</h1>
<div><p>Use this information to learn how you can use your Local CA to
issue private certificates to users without associating the certificate
with an <span class="keyword">iSeries™</span> user profile.</p>
<div class="section"><p>In <span class="keyword">i5/OS™</span> V5R3
or later, there are two new APIs available that you can use to programmatically
issue certificates to non-iSeries users. In previous releases, when you used
your Local Certificate Authority (CA) to issue certificates to users, these
certificates were automatically associated with their <span class="keyword">iSeries</span> user
profiles. Consequently, to use the Local CA to issue a certificate to a user
for client authentication, you had to provide that user with an <span class="keyword">iSeries</span> user
profile. Also, when users needed to obtain a certificate from a Local CA for
client authentication, each user had to use Digital Certificate Manager (DCM)
to create the needed certificate. Therefore, each user must have a user profile
on the <span class="keyword">iSeries</span> server that
hosts DCM and a valid signon to that <span class="keyword">iSeries</span> server.</p>
</div>
<div class="section"><p>Having the certificate associated with a user profile has its
advantages, especially when internal users are concerned. However, these restrictions
and requirements made it less practical to use the Local CA to issue user
certificates for a large number of users, especially when you do not want
those users to have an <span class="keyword">iSeries</span> user
profile. To avoid providing user profiles to these users, you might require
users to pay for a certificate from a well-known CA if you wanted to require
certificates for user authentication for your applications. </p>
</div>
<div class="section"><p>These two new APIs provide support that allows you to provide
an interface for creating user certificates signed by the Local CA certificate
for any user name. This certificate will not be associated with a user profile.
The user does not need to exist on the <span class="keyword">iSeries</span> server
that hosts DCM and the user does not need to use DCM to create the certificate.
</p>
</div>
<div class="section"><p>There are two APIs, one for each of the predominate browser programs,
that you can call when using Net.Data<sup>®</sup> to create a program for issuing certificates
to users. The application that you create must provide the Graphical User
Interface (GUI) code needed to create the user certificate and to call one
of the appropriate API to use the Local CA to sign the certificate. </p>
</div>
<div class="section"><div class="p">For more information about using these APIs, see these pages:
<ul><li>Generate and Sign User Certificate Request (<a href="../apis/qycugsuc.htm">QYCUGSUC</a>) API.</li>
<li>Sign User Certificate Request (<a href="../apis/qycusuc.htm">QYCUSUC</a>) API.</li>
</ul>
</div>
</div>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzahurzahu4anactingownca.htm" title="This information explains how to create and operate a Local Certificate Authority (CA) to issue private certificates for your applications.">Create and operate a Local CA</a></div>
</div>
<div class="relconcepts"><strong>Related concepts</strong><br />
<div><a href="rzahurzahu4afinternetvsprivcert.htm" title="Review this information to learn how to determine which type of certificate (public or private) best suits your business needs.">Public certificates versus private certificates</a></div>
<div><a href="rzahurzahu4aeauthenticatewcerts.htm" title="Review this information to learn how to use certificates to provide a means of more strongly authenticating users who access iSeries system resources.">Digital certificates for user authentication</a></div>
</div>
<div class="reltasks"><strong>Related tasks</strong><br />
<div><a href="rzahurzahu4anactingownca.htm" title="This information explains how to create and operate a Local Certificate Authority (CA) to issue private certificates for your applications.">Create and operate a Local CA</a></div>
</div>
</div>
</body>
</html>