142 lines
10 KiB
HTML
142 lines
10 KiB
HTML
|
<?xml version="1.0" encoding="UTF-8"?>
|
||
|
<!DOCTYPE html
|
||
|
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
|
||
|
<html lang="en-us" xml:lang="en-us">
|
||
|
<head>
|
||
|
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
|
||
|
<meta name="security" content="public" />
|
||
|
<meta name="Robots" content="index,follow" />
|
||
|
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
|
||
|
<meta name="DC.Type" content="task" />
|
||
|
<meta name="DC.Title" content="Manage public Internet certificates for SSL communications sessions" />
|
||
|
<meta name="abstract" content="You can use Digital Certificate Manager (DCM) to manage public Internet certificates for your applications to use for establishing secure communications sessions with the Secure Sockets Layer (SSL)." />
|
||
|
<meta name="description" content="You can use Digital Certificate Manager (DCM) to manage public Internet certificates for your applications to use for establishing secure communications sessions with the Secure Sockets Layer (SSL)." />
|
||
|
<meta name="DC.Relation" scheme="URI" content="rzahurzahu66cdcminternetcertsr4.htm" />
|
||
|
<meta name="copyright" content="(C) Copyright IBM Corporation 2000, 2006" />
|
||
|
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 2000, 2006" />
|
||
|
<meta name="DC.Format" content="XHTML" />
|
||
|
<meta name="DC.Identifier" content="rzahu437-complete_new_store" />
|
||
|
<meta name="DC.Language" content="en-us" />
|
||
|
<!-- All rights reserved. Licensed Materials Property of IBM -->
|
||
|
<!-- US Government Users Restricted Rights -->
|
||
|
<!-- Use, duplication or disclosure restricted by -->
|
||
|
<!-- GSA ADP Schedule Contract with IBM Corp. -->
|
||
|
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
|
||
|
<link rel="stylesheet" type="text/css" href="./ic.css" />
|
||
|
<title>Manage public Internet certificates for SSL communications sessions</title>
|
||
|
</head>
|
||
|
<body id="rzahu437-complete_new_store"><a name="rzahu437-complete_new_store"><!-- --></a>
|
||
|
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
|
||
|
<h1 class="topictitle1">Manage public Internet certificates for SSL communications sessions</h1>
|
||
|
<div><p>You can use Digital Certificate Manager (DCM) to manage public
|
||
|
Internet certificates for your applications to use for establishing secure
|
||
|
communications sessions with the Secure Sockets Layer (SSL).</p>
|
||
|
<div class="section"> <p>If you do not use DCM to operate your own Local Certificate Authority
|
||
|
(CA), you must first create the appropriate certificate store for managing
|
||
|
the public certificates that you use for SSL. This is the *SYSTEM certificate
|
||
|
store. When you create a certificate store, DCM takes you through the process
|
||
|
of creating the certificate request information that you must provide to the
|
||
|
public CA to obtain a certificate.</p>
|
||
|
<p>To use DCM to manage and use public
|
||
|
Internet certificates so that your applications can establish SSL communications
|
||
|
sessions, follow these steps: </p>
|
||
|
</div>
|
||
|
<ol><li class="stepexpand"><span><a href="rzahurzahu66adcmstart.htm#rzahu66a-dcm_start">Start
|
||
|
DCM</a>.</span></li>
|
||
|
<li class="stepexpand"><span>In the navigation frame of DCM, select <span class="uicontrol">Create New Certificate
|
||
|
Store</span> to start the guided task and complete a series of forms.
|
||
|
These forms guide you through the process of creating a certificate store
|
||
|
and a certificate that your applications can use for SSL sessions.</span> <div class="note"><span class="notetitle">Note:</span> If
|
||
|
you have questions about how to complete a specific form in this guided task,
|
||
|
select the question mark (<span class="uicontrol">?</span>) at the top of the page
|
||
|
to access the online help. </div>
|
||
|
</li>
|
||
|
<li class="stepexpand"><span>Select <span class="uicontrol">*SYSTEM</span> as the certificate store
|
||
|
to create and click <span class="uicontrol">Continue</span>.</span></li>
|
||
|
<li class="stepexpand"><span>Select <span class="uicontrol">Yes</span> to create a certificate as part
|
||
|
of creating the *SYSTEM certificate store and click <span class="uicontrol">Continue</span>.</span></li>
|
||
|
<li class="stepexpand"><span>Select <span class="uicontrol">VeriSign or other Internet Certificate Authority
|
||
|
(CA)</span> as the signer of the new certificate, and click <span class="uicontrol">Continue</span> to
|
||
|
display a form that allows you to provide identifying information for the
|
||
|
new certificate.</span> <div class="note"><span class="notetitle">Note:</span> If yoursystem has an IBM<sup>®</sup> Cryptographic Coprocessor installed,
|
||
|
DCM allows you to select how to store the private key for the certificate
|
||
|
as the next task. If your system does not have a coprocessor, DCM automatically
|
||
|
places the private key in the *SYSTEM certificate store. If you need help
|
||
|
with selecting how to store the private key, see the online help in DCM.</div>
|
||
|
</li>
|
||
|
<li class="stepexpand"><span>Complete the form and click <span class="uicontrol">Continue</span> to
|
||
|
display a confirmation page. This confirmation page displays the certificate
|
||
|
request data that you must provide to the public Certificate Authority (CA)
|
||
|
that will issue your certificate. The Certificate Signing Request (CSR) data
|
||
|
consists of the public key and other information that you specified for the
|
||
|
new certificate. </span></li>
|
||
|
<li class="stepexpand"><span>Carefully copy and paste the CSR data into the certificate application
|
||
|
form, or into a separate file, that the public CA requires for requesting
|
||
|
a certificate. You must use all the CSR data, including both the Begin and
|
||
|
End New Certificate Request lines. When you exit this page, the data is lost
|
||
|
and you cannot recover it. Send the application form or file to the CA that
|
||
|
you have chosen to issue and sign your certificate.</span> <div class="note"><span class="notetitle">Note:</span> You must
|
||
|
wait for the CA to return the signed, completed certificate before you can
|
||
|
finish this procedure.</div>
|
||
|
<p>To use certificates with the HTTP Server for
|
||
|
your system, you must create and configure your Web server before working
|
||
|
with DCM to work with the signed completed certificate. When you configure
|
||
|
a Web server to use SSL, an application ID is generated for the server. You
|
||
|
must make a note of this application ID so that you can use DCM to specify
|
||
|
which certificate this application must use for SSL. </p>
|
||
|
<p>Do not end and
|
||
|
restart the server until you use DCM to assign the signed completed certificate
|
||
|
to the server. If you end and restart the *ADMIN instance of the Web server
|
||
|
before assigning a certificate to it, the server will not start and you will
|
||
|
not be able to use DCM to assign a certificate to the server.</p>
|
||
|
</li>
|
||
|
<li class="stepexpand"><span>After the public CA returns your signed certificate, start DCM.</span></li>
|
||
|
<li class="stepexpand"><span>In the navigation frame, click <span class="uicontrol">Select a Certificate
|
||
|
Store</span> and select <span class="uicontrol">*SYSTEM</span> as the certificate
|
||
|
store to open. </span></li>
|
||
|
<li class="stepexpand"><span>When the Certificate Store and Password page displays, provide
|
||
|
the password that you specified for the certificate store when you created
|
||
|
it and click <span class="uicontrol">Continue</span>.</span></li>
|
||
|
<li class="stepexpand"><span>After the navigation frame refreshes, select <span class="uicontrol">Manage
|
||
|
Certificates</span> to display a list of tasks.</span></li>
|
||
|
<li class="stepexpand"><span>From the task list, select <span class="uicontrol">Import certificate</span> to
|
||
|
begin the process of importing the signed certificate into the *SYSTEM certificate
|
||
|
store. After you finish importing the certificate, you can specify the applications
|
||
|
that must use it for SSL communications.</span></li>
|
||
|
<li class="stepexpand"><span>In the navigation frame, select <span class="uicontrol">Manage Applications</span> to
|
||
|
display a list of tasks.</span></li>
|
||
|
<li class="stepexpand"><span>From the task list, select <span class="uicontrol">Update certificate assignment</span> to
|
||
|
display a list of SSL-enabled applications for which you can assign a certificate. </span></li>
|
||
|
<li class="stepexpand"><span>Select an application from the list and click <span class="uicontrol">Update
|
||
|
Certificate Assignment</span>. </span></li>
|
||
|
<li class="stepexpand"><span>Select the certificate that you imported and click <span class="uicontrol">Assign
|
||
|
New Certificate</span>. DCM displays a message to confirm your certificate
|
||
|
selection for the application.</span> <div class="note"><span class="notetitle">Note:</span> Some SSL-enabled applications
|
||
|
support client authentication based on certificates. If you want an application
|
||
|
with this support to be able to authenticate certificates before providing
|
||
|
access to resources, you must <a href="rzahumngcaapptrust.htm#mng_ca_app_trust">define
|
||
|
a CA trust list</a> for the application. This ensures that the application
|
||
|
can validate only those certificates from CAs that you specify as trusted.
|
||
|
If a user or a client application presents a certificate from a CA that is
|
||
|
not specified as trusted in the CA trust list, the application will not accept
|
||
|
it as a basis for valid authentication.</div>
|
||
|
</li>
|
||
|
</ol>
|
||
|
<div class="section"> <p>When you finish the guided task, you have everything that you
|
||
|
need to begin <a href="../rzain/rzainoverview.htm">configuring
|
||
|
your applications to use SSL</a> for secure communications. Before users
|
||
|
can access these applications through an SSL session, they must have a copy
|
||
|
of the CA certificate for the CA that issued the server certificate. If your
|
||
|
certificate is from a well-known Internet CA, your users' client software
|
||
|
may already have a copy of the necessary CA certificate. If users need to
|
||
|
obtain the CA certificate, they must access the Web site for the CA and follow
|
||
|
the directions the site provides.</p>
|
||
|
</div>
|
||
|
</div>
|
||
|
<div>
|
||
|
<div class="familylinks">
|
||
|
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzahurzahu66cdcminternetcertsr4.htm" title="Review this information to learn how to manage certificates from a public Internet CA by creating a certificate store.">Manage certificates from a public Internet CA</a></div>
|
||
|
</div>
|
||
|
</div>
|
||
|
</body>
|
||
|
</html>
|