A Public Key Infrastructure for X.509 (PKIX) Certificate Authority (CA) is a CA that issues certificates based on the newest Internet X.509 standards for implementing a public key infrastructure.
A PKIX CA requires more stringent identification before issuing a certificate; usually by requiring that an applicant provide proof of identity through a Registration Authority (RA). After the applicant supplies the proof of identity that the RA requires, the RA certifies the applicant's identity. Either the RA or the applicant, depending on the CAs established procedure, submits the certified application to the associated CA. As these standards are adopted more widely, PKIX compliant CAs will become more widely available. You might investigate using a PKIX compliant CA if your security needs require strict access control to resources that your SSL-enabled applications provide to users. For example, Lotus® Domino® provides a PKIX CA for public use.
If you choose to have a PKIX CA issue certificates for your applications to use, you can use Digital Certificate Manager (DCM) to manage these certificates. You use DCM to configure a URL for a PKIX CA. Doing so configures Digital Certificate Manager (DCM) to provide a PKIX CA as an option for obtaining signed certificates.
To use DCM to manage certificates from a PKIX CA, you must configure DCM to use the location for the CA by following these steps: