Digital certificates provide the foundation for using the Secure Sockets Layer (SSL) for secure communications and as a stronger means of authentication.
The iSeries™ server provides you with the ability to easily create and manage digital certificates for your systems and users with Digital Certificate Manager (DCM), an integrated feature of i5/OS™.
Additionally, you can configure some applications, such as the IBM® HTTP Server for iSeries, to use digital certificates for a stronger method of client authentication instead of user names and passwords.
A digital certificate is a digital credential that validates the identity of the certificate owner, much as a passport does. A trusted third party, called a certificate authority (CA), issues digital certificates to users and servers. The trust in the CA is the foundation of trust in the certificate as a valid credential.
Each CA has a policy to determine what identifying information the CA requires in order to issue a certificate. Some Internet CAs may require very little information, such as only requiring a distinguished name. This is the name of the person or server to whom a CA issues a digital certificate, along with an e-mail address. A private key and a public key are generated for each certificate. The certificate contains the public key, while the browser or a secure file stores the private key. The key pairs associated with the certificate can be used to "sign" and encrypt data, such as messages and documents, sent between users and servers. Such digital signatures ensure the reliability of an item's origin and protect the integrity of the item.
Although many applications cannot take advantage of SSL yet, many others, like Telnet and iSeries Access Express, have added SSL capability. To learn how you can use SSL with iSeries applications, see Securing applications with SSL in the IBM Systems Software Information Center.