ibm-information-center/dist/eclipse/plugins/i5OS.ic.rzahu_5.4.0.1/rzahurzahu437completenewstore.htm

142 lines
10 KiB
HTML
Raw Normal View History

2024-04-02 14:02:31 +00:00
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow" />
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<meta name="DC.Type" content="task" />
<meta name="DC.Title" content="Manage public Internet certificates for SSL communications sessions" />
<meta name="abstract" content="You can use Digital Certificate Manager (DCM) to manage public Internet certificates for your applications to use for establishing secure communications sessions with the Secure Sockets Layer (SSL)." />
<meta name="description" content="You can use Digital Certificate Manager (DCM) to manage public Internet certificates for your applications to use for establishing secure communications sessions with the Secure Sockets Layer (SSL)." />
<meta name="DC.Relation" scheme="URI" content="rzahurzahu66cdcminternetcertsr4.htm" />
<meta name="copyright" content="(C) Copyright IBM Corporation 2000, 2006" />
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 2000, 2006" />
<meta name="DC.Format" content="XHTML" />
<meta name="DC.Identifier" content="rzahu437-complete_new_store" />
<meta name="DC.Language" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
<link rel="stylesheet" type="text/css" href="./ic.css" />
<title>Manage public Internet certificates for SSL communications sessions</title>
</head>
<body id="rzahu437-complete_new_store"><a name="rzahu437-complete_new_store"><!-- --></a>
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
<h1 class="topictitle1">Manage public Internet certificates for SSL communications sessions</h1>
<div><p>You can use Digital Certificate Manager (DCM) to manage public
Internet certificates for your applications to use for establishing secure
communications sessions with the Secure Sockets Layer (SSL).</p>
<div class="section"> <p>If you do not use DCM to operate your own Local Certificate Authority
(CA), you must first create the appropriate certificate store for managing
the public certificates that you use for SSL. This is the *SYSTEM certificate
store. When you create a certificate store, DCM takes you through the process
of creating the certificate request information that you must provide to the
public CA to obtain a certificate.</p>
<p>To use DCM to manage and use public
Internet certificates so that your applications can establish SSL communications
sessions, follow these steps: </p>
</div>
<ol><li class="stepexpand"><span><a href="rzahurzahu66adcmstart.htm#rzahu66a-dcm_start">Start
DCM</a>.</span></li>
<li class="stepexpand"><span>In the navigation frame of DCM, select <span class="uicontrol">Create New Certificate
Store</span> to start the guided task and complete a series of forms.
These forms guide you through the process of creating a certificate store
and a certificate that your applications can use for SSL sessions.</span> <div class="note"><span class="notetitle">Note:</span> If
you have questions about how to complete a specific form in this guided task,
select the question mark (<span class="uicontrol">?</span>) at the top of the page
to access the online help. </div>
</li>
<li class="stepexpand"><span>Select <span class="uicontrol">*SYSTEM</span> as the certificate store
to create and click <span class="uicontrol">Continue</span>.</span></li>
<li class="stepexpand"><span>Select <span class="uicontrol">Yes</span> to create a certificate as part
of creating the *SYSTEM certificate store and click <span class="uicontrol">Continue</span>.</span></li>
<li class="stepexpand"><span>Select <span class="uicontrol">VeriSign or other Internet Certificate Authority
(CA)</span> as the signer of the new certificate, and click <span class="uicontrol">Continue</span> to
display a form that allows you to provide identifying information for the
new certificate.</span> <div class="note"><span class="notetitle">Note:</span> If yoursystem has an IBM<sup>®</sup> Cryptographic Coprocessor installed,
DCM allows you to select how to store the private key for the certificate
as the next task. If your system does not have a coprocessor, DCM automatically
places the private key in the *SYSTEM certificate store. If you need help
with selecting how to store the private key, see the online help in DCM.</div>
</li>
<li class="stepexpand"><span>Complete the form and click <span class="uicontrol">Continue</span> to
display a confirmation page. This confirmation page displays the certificate
request data that you must provide to the public Certificate Authority (CA)
that will issue your certificate. The Certificate Signing Request (CSR) data
consists of the public key and other information that you specified for the
new certificate. </span></li>
<li class="stepexpand"><span>Carefully copy and paste the CSR data into the certificate application
form, or into a separate file, that the public CA requires for requesting
a certificate. You must use all the CSR data, including both the Begin and
End New Certificate Request lines. When you exit this page, the data is lost
and you cannot recover it. Send the application form or file to the CA that
you have chosen to issue and sign your certificate.</span> <div class="note"><span class="notetitle">Note:</span> You must
wait for the CA to return the signed, completed certificate before you can
finish this procedure.</div>
<p>To use certificates with the HTTP Server for
your system, you must create and configure your Web server before working
with DCM to work with the signed completed certificate. When you configure
a Web server to use SSL, an application ID is generated for the server. You
must make a note of this application ID so that you can use DCM to specify
which certificate this application must use for SSL. </p>
<p>Do not end and
restart the server until you use DCM to assign the signed completed certificate
to the server. If you end and restart the *ADMIN instance of the Web server
before assigning a certificate to it, the server will not start and you will
not be able to use DCM to assign a certificate to the server.</p>
</li>
<li class="stepexpand"><span>After the public CA returns your signed certificate, start DCM.</span></li>
<li class="stepexpand"><span>In the navigation frame, click <span class="uicontrol">Select a Certificate
Store</span> and select <span class="uicontrol">*SYSTEM</span> as the certificate
store to open. </span></li>
<li class="stepexpand"><span>When the Certificate Store and Password page displays, provide
the password that you specified for the certificate store when you created
it and click <span class="uicontrol">Continue</span>.</span></li>
<li class="stepexpand"><span>After the navigation frame refreshes, select <span class="uicontrol">Manage
Certificates</span> to display a list of tasks.</span></li>
<li class="stepexpand"><span>From the task list, select <span class="uicontrol">Import certificate</span> to
begin the process of importing the signed certificate into the *SYSTEM certificate
store. After you finish importing the certificate, you can specify the applications
that must use it for SSL communications.</span></li>
<li class="stepexpand"><span>In the navigation frame, select <span class="uicontrol">Manage Applications</span> to
display a list of tasks.</span></li>
<li class="stepexpand"><span>From the task list, select <span class="uicontrol">Update certificate assignment</span> to
display a list of SSL-enabled applications for which you can assign a certificate. </span></li>
<li class="stepexpand"><span>Select an application from the list and click <span class="uicontrol">Update
Certificate Assignment</span>. </span></li>
<li class="stepexpand"><span>Select the certificate that you imported and click <span class="uicontrol">Assign
New Certificate</span>. DCM displays a message to confirm your certificate
selection for the application.</span> <div class="note"><span class="notetitle">Note:</span> Some SSL-enabled applications
support client authentication based on certificates. If you want an application
with this support to be able to authenticate certificates before providing
access to resources, you must <a href="rzahumngcaapptrust.htm#mng_ca_app_trust">define
a CA trust list</a> for the application. This ensures that the application
can validate only those certificates from CAs that you specify as trusted.
If a user or a client application presents a certificate from a CA that is
not specified as trusted in the CA trust list, the application will not accept
it as a basis for valid authentication.</div>
</li>
</ol>
<div class="section"> <p>When you finish the guided task, you have everything that you
need to begin <a href="../rzain/rzainoverview.htm">configuring
your applications to use SSL</a> for secure communications. Before users
can access these applications through an SSL session, they must have a copy
of the CA certificate for the CA that issued the server certificate. If your
certificate is from a well-known Internet CA, your users' client software
may already have a copy of the necessary CA certificate. If users need to
obtain the CA certificate, they must access the Web site for the CA and follow
the directions the site provides.</p>
</div>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzahurzahu66cdcminternetcertsr4.htm" title="Review this information to learn how to manage certificates from a public Internet CA by creating a certificate store.">Manage certificates from a public Internet CA</a></div>
</div>
</div>
</body>
</html>