<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow" />
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<meta name="DC.Type" content="task" />
<meta name="DC.Title" content="Manage certificates for verifying object signatures" />
<meta name="abstract" content="You can use Digital Certificate Manager (DCM) to manage the signature verification certificates that you use to validate digital signatures on objects." />
<meta name="description" content="You can use Digital Certificate Manager (DCM) to manage the signature verification certificates that you use to validate digital signatures on objects." />
<meta name="DC.Relation" scheme="URI" content="rzahurzahu66cdcminternetcertsr4.htm" />
<meta name="DC.Relation" scheme="URI" content="rzahurzahusignsigningobjects.htm" />
<meta name="DC.Relation" scheme="URI" content="rzahuverifyingsignatures.htm" />
<meta name="copyright" content="(C) Copyright IBM Corporation 2000, 2006" />
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 2000, 2006" />
<meta name="DC.Format" content="XHTML" />
<meta name="DC.Identifier" content="rzahu43c_pub_certs_verify" />
<meta name="DC.Language" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
<link rel="stylesheet" type="text/css" href="./ic.css" />
<title>Manage certificates for verifying object signatures</title>
</head>
<body id="rzahu43c_pub_certs_verify"><a name="rzahu43c_pub_certs_verify"><!-- --></a>
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
<h1 class="topictitle1">Manage certificates for verifying object signatures</h1>
<div><p>You can use Digital Certificate Manager (DCM) to manage the signature
verification certificates that you use to validate digital signatures on objects.</p>
<div class="section"> <p>To sign an object, you use a certificate's private key to create
the signature. When you send the signed object to others, you must include
a copy of the certificate that signed the object. You do this by using DCM
to export the object signing certificate (without the certificate's private
key) as a signature verification certificate. You can export a signature verification
certificate to a file that you can then distribute to others. Or, if you want
to verify signatures that you create, you can export a signature verification
certificate into the *SIGNATUREVERIFICATION certificate store.</p>
<p>To validate
a signature on an object, you must have a copy of the certificate that signed
the object. You use the signing certificate's public key, which the certificate
contains, to examine and verify the signature that was created with the corresponding
private key. Therefore, before you can verify the signature on an object,
you must obtain a copy of the signing certificate from whoever provided you
with the signed objects.</p>
<p>You must also have a copy of the Certificate
Authority (CA) certificate for the CA that issued the certificate that signed
the object. You use the CA certificate to verify the authenticity of the certificate
that signed the object. DCM provides copies of CA certificates from most well-known
CAs. If, however, the object was signed by a certificate from another public
CA or a private Local CA, you must obtain a copy of the CA certificate before
you can verify the object signature.</p>
<div class="p">To use DCM to verify object signatures,
you must first create the appropriate certificate store for managing the necessary
signature verification certificates; this is the *SIGNATUREVERIFICATION certificate
store. When you create this certificate store, DCM automatically populates
it with copies of most well-known public CA certificates. <div class="note"><span class="notetitle">Note:</span> If you want
to be able to verify signatures that you created with your own object signing
certificates, you must create the *SIGNATUREVERIFICATION certificate store
and copy the certificates from the *OBJECTSIGNING certificate store into it.
This is true even if you plan to perform signature verification from within
the *OBJECTSIGNING certificate store.</div>
</div>
<p>To use DCM to manage your
signature verification certificates, complete these tasks: </p>
</div>
<ol><li class="stepexpand"><span><a href="rzahurzahu66adcmstart.htm#rzahu66a-dcm_start">Start
DCM</a>.</span></li>
<li class="stepexpand"><span>In the left navigation frame of DCM, select <span class="uicontrol">Create New
Certificate Store</span> to start the guided task and complete a series
of forms.</span> <div class="note"><span class="notetitle">Note:</span> If you have questions about how to complete a specific
form in this guided task, select the question mark (<span class="uicontrol">?</span>)
button at the top of the page to access the online help. </div>
</li>
<li class="stepexpand"><span>Select <span class="uicontrol">*SIGNATUREVERIFICATION</span> as the certificate
store to create and click <span class="uicontrol">Continue</span>.</span> <div class="note"><span class="notetitle">Note:</span> If
the *OBJECTSIGNING certificate store exists, at this point DCM will prompt
you to specify whether to copy the object signing certificates into the new
certificate store as signature verification certificates. If you want to use
your existing object signing certificates to verify signatures, select <span class="uicontrol">Yes</span> and
click <span class="uicontrol">Continue</span>. You must know the password for the
*OBJECTSIGNING certificate store to copy the certificates from it.</div>
</li>
<li class="stepexpand"><span>Specify a password for the new certificate store and click <span class="uicontrol">Continue</span> to
create the certificate store. A confirmation page displays to indicate that
the certificate store was created successfully. Now you can use the store
to manage and use certificates to verify object signatures. </span> <div class="note"><span class="notetitle">Note:</span> If
you created this store so that you can verify signatures on objects that you
signed, you can stop. As you create new object signing certificates, you must
export them from the *OBJECTSIGNING certificate store into this certificate
store. If you do not export them, you will not be able to verify the signatures
that you create with them. If you created this certificate store so that you
can verify signatures on objects that you received from other sources, you
must continue with this procedure so that you can import the certificates
that you need into the certificate store.</div>
</li>
<li class="stepexpand"><span>In the navigation frame, click <span class="uicontrol">Select a Certificate
Store</span> and select <span class="uicontrol">*SIGNATUREVERIFICATION</span> as
the certificate store to open. </span></li>
<li class="stepexpand"><span>When the Certificate Store and Password page displays, provide
the password that you specified for the certificate store when you created
it and click <span class="uicontrol">Continue</span>.</span></li>
<li class="stepexpand"><span>After the navigation frame refreshes, select <span class="uicontrol">Manage
Certificates</span> to display a list of tasks.</span></li>
<li class="stepexpand"><span>From the task list, select <span class="uicontrol">Import certificate</span>.
This guided task takes you through the process of importing the certificates
that you need into the certificate store so that you can verify the signature
on the objects that you received.</span></li>
<li class="stepexpand"><span>Select the type of certificate that you want to import. Select <span class="uicontrol">Signature
verification</span> to import the certificate that you received with
the signed objects and complete the import task.</span> <div class="note"><span class="notetitle">Note:</span> If the certificate
store does not already contain a copy of the CA certificate for the CA that
issued the signature verification certificate, you must import the CA certificate <em>first</em>.
You may receive an error when importing the signature verification certificate
if you do not import the CA certificate before importing the signature verification
certificate.</div>
</li>
</ol>
<div class="section"> <p>You can now use these certificates to verify object signatures. </p>
</div>
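<div class="section"><p>The two checks described in this topic (the CA certificate vouches for the signing certificate, and the signing certificate's public key checks the signature), shown with OpenSSL as a stand-in for DCM. This is an added example, not IBM code or a DCM interface; the CA file plays the part of the CA certificates held in the *SIGNATUREVERIFICATION store, and every subject name and file name is constructed.</p>
<pre>
```shell
#!/bin/sh
# Added example: OpenSSL stands in for DCM; all names and files are constructed.

# verify_object STORE CERT OBJECT SIG
# STORE is a PEM file of trusted CA certificates (the store's CA list).
# Returns 0 = verified, 1 = signature does not match, 2 = issuing CA not trusted.
verify_object() {
    store=$1; cert=$2; object=$3; sig=$4
    # Check 1: the CA certificate proves the signing certificate is authentic.
    openssl verify -CAfile "$store" "$cert" >/dev/null 2>/dev/null || return 2
    # Check 2: the public key inside the certificate checks the signature.
    openssl x509 -in "$cert" -noout -pubkey > "$cert.pub" || return 2
    openssl dgst -sha256 -verify "$cert.pub" -signature "$sig" "$object" \
        >/dev/null 2>/dev/null || return 1
    return 0
}

# build_demo DIR: constructed Local CA, object signing certificate, signed object.
build_demo() {
    cd "$1" || return 1
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=Example Local CA" \
        -keyout ca.key -out ca.crt 2>/dev/null || return 1
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=Example Object Signer" \
        -keyout signer.key -out signer.csr 2>/dev/null || return 1
    openssl x509 -req -in signer.csr -CA ca.crt -CAkey ca.key -CAcreateserial \
        -days 30 -out signer.crt 2>/dev/null || return 1
    # An unrelated CA models a store that lacks the issuer of signer.crt.
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=Unrelated CA" \
        -keyout other.key -out other-ca.crt 2>/dev/null || return 1
    printf 'constructed object contents\n' > object.bin
    # Signer side: signer.key creates the signature; only signer.crt is shipped.
    openssl dgst -sha256 -sign signer.key -out object.sig object.bin || return 1
    printf 'constructed object contents, altered\n' > tampered.bin
}

# report LABEL STORE CERT OBJECT SIG: print the verify_object return code.
report() {
    label=$1; shift
    rc=0; verify_object "$@" || rc=$?
    echo "$label: $rc"
}

DEMO_DIR=$(mktemp -d)
build_demo "$DEMO_DIR" || { echo "setup failed"; exit 1; }
report "issuer trusted, object intact" ca.crt signer.crt object.bin object.sig
report "issuer trusted, object altered" ca.crt signer.crt tampered.bin object.sig
report "issuer missing from store" other-ca.crt signer.crt object.bin object.sig
```
</pre>
<p>The third case is the missing-issuer condition behind the note on importing the CA certificate first: without the issuing CA certificate in the store, the signing certificate cannot be validated, so the signature is never evaluated.</p>
</div>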
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzahurzahu66cdcminternetcertsr4.htm" title="Review this information to learn how to manage certificates from a public Internet CA by creating a certificate store.">Manage certificates from a public Internet CA</a></div>
</div>
<div class="relconcepts"><strong>Related concepts</strong><br />
<div><a href="rzahurzahusignsigningobjects.htm" title="Use this information to learn how to use certificates to ensure an object's integrity or to verify the digital signature on an object to verify its authenticity.">Digital certificates for signing objects</a></div>
</div>
<div class="reltasks"><strong>Related tasks</strong><br />
<div><a href="rzahuverifyingsignatures.htm" title="You can use Digital Certificate Manager (DCM) to verify the authenticity of digital signatures on objects. When you verify the signature, you ensure that the data in the object has not been changed since the object owner signed the object.">Verify object signatures</a></div>
</div>
</div>
</body>
</html>