138 lines
9.9 KiB
HTML
138 lines
9.9 KiB
HTML
|
<?xml version="1.0" encoding="UTF-8"?>
|
||
|
<!DOCTYPE html
|
||
|
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
|
||
|
<html lang="en-us" xml:lang="en-us">
|
||
|
<head>
|
||
|
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
|
||
|
<meta name="security" content="public" />
|
||
|
<meta name="Robots" content="index,follow" />
|
||
|
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
|
||
|
<meta name="DC.Type" content="task" />
|
||
|
<meta name="DC.Title" content="Manage certificates for verifying object signatures" />
|
||
|
<meta name="abstract" content="You can use Digital Certificate Manager (DCM) to manage the signature verification certificates that you use to validate digital signatures on objects." />
|
||
|
<meta name="description" content="You can use Digital Certificate Manager (DCM) to manage the signature verification certificates that you use to validate digital signatures on objects." />
|
||
|
<meta name="DC.Relation" scheme="URI" content="rzahurzahu66cdcminternetcertsr4.htm" />
|
||
|
<meta name="DC.Relation" scheme="URI" content="rzahurzahusignsigningobjects.htm" />
|
||
|
<meta name="DC.Relation" scheme="URI" content="rzahuverifyingsignatures.htm" />
|
||
|
<meta name="copyright" content="(C) Copyright IBM Corporation 2000, 2006" />
|
||
|
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 2000, 2006" />
|
||
|
<meta name="DC.Format" content="XHTML" />
|
||
|
<meta name="DC.Identifier" content="rzahu43c_pub_certs_verify" />
|
||
|
<meta name="DC.Language" content="en-us" />
|
||
|
<!-- All rights reserved. Licensed Materials Property of IBM -->
|
||
|
<!-- US Government Users Restricted Rights -->
|
||
|
<!-- Use, duplication or disclosure restricted by -->
|
||
|
<!-- GSA ADP Schedule Contract with IBM Corp. -->
|
||
|
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
|
||
|
<link rel="stylesheet" type="text/css" href="./ic.css" />
|
||
|
<title>Manage certificates for verifying object signatures</title>
|
||
|
</head>
|
||
|
<body id="rzahu43c_pub_certs_verify"><a name="rzahu43c_pub_certs_verify"><!-- --></a>
|
||
|
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
|
||
|
<h1 class="topictitle1">Manage certificates for verifying object signatures</h1>
|
||
|
<div><p>You can use Digital Certificate Manager (DCM) to manage the signature
|
||
|
verification certificates that you use to validate digital signatures on objects.</p>
|
||
|
<div class="section"> <p>To sign an object, you use a certificate's private key to create
|
||
|
the signature. When you send the signed object to others, you must include
|
||
|
a copy of the certificate that signed the object. You do this by using DCM
|
||
|
to export the object signing certificate (without the certificate's private
|
||
|
key) as a signature verification certificate. You can export a signature verification
|
||
|
certificate to a file that you can then distribute to others. Or, if you want
|
||
|
to verify signatures that you create, you can export a signature verification
|
||
|
certificate into the *SIGNATUREVERIFICATION certificate store.</p>
|
||
|
<p>To validate
|
||
|
a signature on an object, you must have a copy of the certificate that signed
|
||
|
the object. You use the signing certificate's public key, which the certificate
|
||
|
contains, to examine and verify the signature that was created with the corresponding
|
||
|
private key. Therefore, before you can verify the signature on an object,
|
||
|
you must obtain a copy of the signing certificate from whomever provided you
|
||
|
with the signed objects. </p>
|
||
|
<p>You must also have a copy of the Certificate
|
||
|
Authority (CA) certificate for the CA that issued the certificate that signed
|
||
|
the object. You use the CA certificate to verify the authenticity of the certificate
|
||
|
that signed the object. DCM provides copies of CA certificates from most well-known
|
||
|
CAs. If, however, the object was signed by a certificate from another public
|
||
|
CA or a private Local CA, you must obtain a copy of the CA certificate before
|
||
|
you can verify the object signature.</p>
|
||
|
<div class="p">To use DCM to verify object signatures,
|
||
|
you must first create the appropriate certificate store for managing the necessary
|
||
|
signature verification certificates; this is the *SIGNATUREVERIFICATION certificate
|
||
|
store. When you create this certificate store, DCM automatically populates
|
||
|
it with copies of most well-known public CA certificates. <div class="note"><span class="notetitle">Note:</span> If you want
|
||
|
to be able to verify signatures that you created with your own object signing
|
||
|
certificates, you must create the *SIGNATUREVERIFICATION certificate store
|
||
|
and copy the certificates from the *OBJECTSIGNING certificate store into it.
|
||
|
This is true even if you plan to perform signature verification from within
|
||
|
the *OBJECTSIGNING certificate store.</div>
|
||
|
</div>
|
||
|
<p>To use DCM to manage your
|
||
|
signature verification certificates, complete these tasks: </p>
|
||
|
</div>
|
||
|
<ol><li class="stepexpand"><span><a href="rzahurzahu66adcmstart.htm#rzahu66a-dcm_start">Start
|
||
|
DCM</a>.</span></li>
|
||
|
<li class="stepexpand"><span>In the left navigation frame of DCM, select <span class="uicontrol">Create New
|
||
|
Certificate Store</span> to start the guided task and complete a series
|
||
|
of forms.</span> <div class="note"><span class="notetitle">Note:</span> If you have questions about how to complete a specific
|
||
|
form in this guided task, select the question mark (<span class="uicontrol">?</span>)
|
||
|
button at the top of the page to access the online help. </div>
|
||
|
</li>
|
||
|
<li class="stepexpand"><span>Select <span class="uicontrol">*SIGNATUREVERIFICATION</span> as the certificate
|
||
|
store to create and click <span class="uicontrol">Continue</span>.</span> <div class="note"><span class="notetitle">Note:</span> If
|
||
|
the *OBJECTSIGNING certificate store exists, at this point DCM will prompt
|
||
|
you to specify whether to copy the object signing certificates into the new
|
||
|
certificate store as signature verification certificates. If you want to use
|
||
|
your existing object signing certificates to verify signatures, select <span class="uicontrol">Yes</span> and
|
||
|
click <span class="uicontrol">Continue</span>. You must know the password for the
|
||
|
*OBJECTSIGNING certificate store to copy the certificates from it.</div>
|
||
|
</li>
|
||
|
<li class="stepexpand"><span>Specify a password for the new certificate store and click <span class="uicontrol">Continue</span> to
|
||
|
create the certificate store. A confirmation page displays to indicate that
|
||
|
the certificate store was created successfully. Now you can use the store
|
||
|
to manage and use certificates to verify object signatures. </span> <div class="note"><span class="notetitle">Note:</span> If
|
||
|
you created this store so that you can verify signatures on objects that you
|
||
|
signed, you can stop. As you create new object signing certificates, you must
|
||
|
export them from the *OBJECTSIGNING certificate store into this certificate
|
||
|
store. If you do not export them, you will not be able to verify the signatures
|
||
|
that you create with them. If you created this certificate store so that you
|
||
|
can verify signatures on objects that you received from other sources, you
|
||
|
must continue with this procedure so that you can import the certificates
|
||
|
that you need into the certificate store.</div>
|
||
|
</li>
|
||
|
<li class="stepexpand"><span>In the navigation frame, click <span class="uicontrol">Select a Certificate
|
||
|
Store</span> and select <span class="uicontrol">*SIGNATUREVERIFICATION</span> as
|
||
|
the certificate store to open. </span></li>
|
||
|
<li class="stepexpand"><span>When the Certificate Store and Password page displays, provide
|
||
|
the password that you specified for the certificate store when you created
|
||
|
it and click <span class="uicontrol">Continue</span>.</span></li>
|
||
|
<li class="stepexpand"><span>After the navigation frame refreshes, select <span class="uicontrol">Manage
|
||
|
Certificates</span> to display a list of tasks.</span></li>
|
||
|
<li class="stepexpand"><span>From the task list, select <span class="uicontrol">Import certificate</span>.
|
||
|
This guided task guides you through the process of importing the certificates
|
||
|
that you need into the certificate store so that you can verify the signature
|
||
|
on the objects that you received. </span></li>
|
||
|
<li class="stepexpand"><span>Select the type of certificate that you want to import. Select <span class="uicontrol">Signature
|
||
|
verification</span> to import the certificate that you received with
|
||
|
the signed objects and complete the import task.</span> <div class="note"><span class="notetitle">Note:</span> If the certificate
|
||
|
store does not already contain a copy of the CA certificate for the CA that
|
||
|
issued the signature verification certificate, you must import the CA certificate <em>first</em>.
|
||
|
You may receive an error when importing the signature verification certificate
|
||
|
if you do not import the CA certificate before importing the signature verification
|
||
|
certificate.</div>
|
||
|
</li>
|
||
|
</ol>
|
||
|
<div class="section"> <p>You can now use these certificates to verify object signatures. </p>
|
||
|
</div>
|
||
|
</div>
|
||
|
<div>
|
||
|
<div class="familylinks">
|
||
|
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzahurzahu66cdcminternetcertsr4.htm" title="Review this information to learn how to manage certificates from a public Internet CA by creating a certificate store.">Manage certificates from a public Internet CA</a></div>
|
||
|
</div>
|
||
|
<div class="relconcepts"><strong>Related concepts</strong><br />
|
||
|
<div><a href="rzahurzahusignsigningobjects.htm" title="Use this information to learn how to use certificates to ensure an object's integrity or to verify the digital signature on an object to verify its authenticity.">Digital certificates for signing objects</a></div>
|
||
|
</div>
|
||
|
<div class="reltasks"><strong>Related tasks</strong><br />
|
||
|
<div><a href="rzahuverifyingsignatures.htm" title="You can use Digital Certificate Manager (DCM) to verify the authenticity of digital signatures on objects. When you verify the signature, you ensure that the data in the object has not been changed since the object owner signed the object.">Verify object signatures</a></div>
|
||
|
</div>
|
||
|
</div>
|
||
|
</body>
|
||
|
</html>
|