91 lines
6.5 KiB
HTML
91 lines
6.5 KiB
HTML
|
<?xml version="1.0" encoding="UTF-8"?>
|
||
|
<!DOCTYPE html
|
||
|
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
|
||
|
<html lang="en-us" xml:lang="en-us">
|
||
|
<head>
|
||
|
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
|
||
|
<meta name="security" content="public" />
|
||
|
<meta name="Robots" content="index,follow" />
|
||
|
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
|
||
|
<meta name="DC.Type" content="task" />
|
||
|
<meta name="DC.Title" content="Manage the certificate assignment for an application" />
|
||
|
<meta name="abstract" content="You must use Digital Certificate Manager (DCM) to assign a certificate to an application before the application can perform a secure function, such as establishing a Secure Sockets Layer (SSL) session or signing an object." />
|
||
|
<meta name="description" content="You must use Digital Certificate Manager (DCM) to assign a certificate to an application before the application can perform a secure function, such as establishing a Secure Sockets Layer (SSL) session or signing an object." />
|
||
|
<meta name="DC.Relation" scheme="URI" content="rzahurzahu444worksecureapps.htm" />
|
||
|
<meta name="copyright" content="(C) Copyright IBM Corporation 2000, 2006" />
|
||
|
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 2000, 2006" />
|
||
|
<meta name="DC.Format" content="XHTML" />
|
||
|
<meta name="DC.Identifier" content="mng_sys_cert_app" />
|
||
|
<meta name="DC.Language" content="en-us" />
|
||
|
<!-- All rights reserved. Licensed Materials Property of IBM -->
|
||
|
<!-- US Government Users Restricted Rights -->
|
||
|
<!-- Use, duplication or disclosure restricted by -->
|
||
|
<!-- GSA ADP Schedule Contract with IBM Corp. -->
|
||
|
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
|
||
|
<link rel="stylesheet" type="text/css" href="./ic.css" />
|
||
|
<title>Manage the certificate assignment for an application</title>
|
||
|
</head>
|
||
|
<body id="mng_sys_cert_app"><a name="mng_sys_cert_app"><!-- --></a>
|
||
|
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
|
||
|
<h1 class="topictitle1">Manage the certificate assignment for an application</h1>
|
||
|
<div><p>You must use Digital Certificate Manager (DCM) to assign a certificate
|
||
|
to an application before the application can perform a secure function, such
|
||
|
as establishing a Secure Sockets Layer (SSL) session or signing an object.</p>
|
||
|
<div class="section"> <p> To assign a certificate to an application, or to change the
|
||
|
certificate assignment for an application, follow these steps:</p>
|
||
|
</div>
|
||
|
<ol><li class="stepexpand"><span><a href="rzahurzahu66adcmstart.htm#rzahu66a-dcm_start">Start
|
||
|
DCM</a>. </span></li>
|
||
|
<li class="stepexpand"><span>Click <span class="uicontrol">Select a Certificate Store</span> and select
|
||
|
the appropriate certificate store. (This is either the *SYSTEM certificate
|
||
|
store or the *OBJECTSIGNING certificate store depending on the type of application
|
||
|
to which you are assigning a certificate.) </span> <div class="note"><span class="notetitle">Note:</span> If you have questions
|
||
|
about how to complete a specific form in this guided task, select the question
|
||
|
mark (<span class="uicontrol">?</span>) at the top of the page to access the online
|
||
|
help. </div>
|
||
|
</li>
|
||
|
<li class="stepexpand"><span>When the Certificate Store and Password page displays, provide
|
||
|
the password that you specified for the certificate store when you created
|
||
|
it and click <span class="uicontrol">Continue</span>.</span></li>
|
||
|
<li class="stepexpand"><span>In the navigation frame, select <span class="uicontrol">Manage Applications</span> to
|
||
|
display a list of tasks.</span></li>
|
||
|
<li class="stepexpand"><span>If you are in the *SYSTEM certificate store, select the type of
|
||
|
application to manage. (Select either <span class="uicontrol">Server</span> or <span class="uicontrol">Client</span> application,
|
||
|
as appropriate.)</span></li>
|
||
|
<li class="stepexpand"><span>From the task list, select <span class="uicontrol">Update certificate assignment</span> to
|
||
|
display a list of applications for which you can assign a certificate. </span></li>
|
||
|
<li class="stepexpand"><span>Select an application from the list and click <span class="uicontrol">Update
|
||
|
Certificate Assignment</span> to display a list of certificates that
|
||
|
you can assign to the application. </span></li>
|
||
|
<li class="stepexpand"><span>Select a certificate from the list and click <span class="uicontrol">Assign
|
||
|
New Certificate</span>. DCM displays a message to confirm your certificate
|
||
|
selection for the application.</span> <div class="note"><span class="notetitle">Note:</span> If you are assigning a certificate
|
||
|
to an SSL-enabled application that supports the use of certificates for client
|
||
|
authentication, you must <a href="rzahumngcaapptrust.htm#mng_ca_app_trust">define
|
||
|
a CA trust list</a> for the application. This ensures that the application
|
||
|
can validate only those certificates from CAs that you specify as trusted.
|
||
|
If users or a client application presents a certificate from a CA that is
|
||
|
not specified as trusted in the CA trust list, the application will not accept
|
||
|
it as a basis for valid authentication.</div>
|
||
|
</li>
|
||
|
</ol>
|
||
|
<div class="section"> <p>When you change or remove a certificate for an application, the
|
||
|
application may or may not be able to recognize the change if the application
|
||
|
is running at the time you change the certificate assignment. For example, <span class="keyword">iSeries™ Access for Windows<sup>®</sup></span> servers will apply any certificate
|
||
|
changes that you make automatically. However, you may need to stop and start
|
||
|
Telnet servers, the <span class="keyword">IBM<sup>®</sup> HTTP Server for i5/OS™</span>,
|
||
|
or other applications before these applications can apply your certificate
|
||
|
changes.</p>
|
||
|
<p>In <span class="keyword">OS/400<sup>®</sup></span> V5R2
|
||
|
or later, you can use the <a href="rzahuassigncert.htm#assigncert">Assign
|
||
|
certificate</a> task when you want to assign a certificate to several applications
|
||
|
at once. </p>
|
||
|
</div>
|
||
|
</div>
|
||
|
<div>
|
||
|
<div class="familylinks">
|
||
|
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzahurzahu444worksecureapps.htm" title="This topic provides information about creating application definitions and how to manage an application's certificate assignment. You can learn about defining CA trust lists that applications use as the basis of accepting certificates for client authentication.">Manage applications in DCM</a></div>
|
||
|
</div>
|
||
|
</div>
|
||
|
</body>
|
||
|
</html>
|