ibm-information-center/dist/eclipse/plugins/i5OS.ic.rzahu_5.4.0.1/rzahurzahuvalidatecertsapps.htm

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html
  PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow" />
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<meta name="DC.Type" content="concept" />
<meta name="DC.Title" content="Validate certificates and applications" />
<meta name="abstract" content="You can use Digital Certificate Manager (DCM) to validate individual certificates or the applications that use them. The list of things that DCM checks differs slightly depending on whether you are validating a certificate or an application." />
<meta name="description" content="You can use Digital Certificate Manager (DCM) to validate individual certificates or the applications that use them. The list of things that DCM checks differs slightly depending on whether you are validating a certificate or an application." />
<meta name="DC.Relation" scheme="URI" content="rzahurzahumanagedcm.htm" />
<meta name="DC.Relation" scheme="URI" content="rzahurzahucertrevlist.htm" />
<meta name="DC.Relation" scheme="URI" content="rzahuvalidation_concept.htm" />
<meta name="copyright" content="(C) Copyright IBM Corporation 2000, 2006" />
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 2000, 2006" />
<meta name="DC.Format" content="XHTML" />
<meta name="DC.Identifier" content="rzahuval_validate_certs-apps" />
<meta name="DC.Language" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
<link rel="stylesheet" type="text/css" href="./ic.css" />
<title>Validate certificates and applications</title>
</head>
<body id="rzahuval_validate_certs-apps"><a name="rzahuval_validate_certs-apps"><!-- --></a>
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
<h1 class="topictitle1">Validate certificates and applications</h1>
<div><p>You can use Digital Certificate Manager (DCM) to validate individual
certificates or the applications that use them. The list of things that DCM
checks differs slightly depending on whether you are validating a certificate
or an application.</p>
<p><span class="uicontrol">Application validation</span></p>
<p>Using DCM to validate an application definition helps prevent certificate
problems for the application when it is performing a function that requires
certificates. Such problems might prevent an application either from participating
successfully in a Secure Sockets Layer (SSL) session or from signing objects
successfully.</p>
<p>When you validate an application, DCM verifies that there is a certificate
assignment for the application and ensures that the assigned certificate is
valid. Additionally, DCM ensures that if the application is configured to
use a Certificate Authority (CA) trust list, that the trust list contains
at least one CA certificate. DCM then verifies that the CA certificates in
the application CA trust list are valid. Also, if the application definition
specifies that Certificate Revocation List (CRL) processing occur and there
is a defined CRL location for the CA, DCM checks the CRL as part of the validation
process.</p>
<p><span class="uicontrol">Certificate validation</span></p>
<p>When you validate a certificate, DCM verifies a number of items pertaining
to the certificate to ensure the authenticity and validity of the certificate.
Validating a certificate ensures that applications that use the certificate
for secure communications or for signing objects are unlikely to encounter
problems when using the certificate.</p>
<p>As part of the validation process, DCM checks that the selected certificate
is not expired. DCM also checks that the certificate is not listed in a Certificate
Revocation List (CRL) as revoked, if a CRL location exists for the CA that
issued the certificate. In addition, DCM checks that the CA certificate for
the issuing CA is in the current certificate store and that the CA certificate
is enabled and therefore trusted. If the certificate has a private key (for
example, server, client, and object signing certificates), then DCM also validates
the public-private key pair to ensure that the public-private key pair match.
In other words, DCM encrypts data with the public key and then ensures that
the data can be decrypted with the private key. </p>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzahurzahumanagedcm.htm" title="Use this information to learn how to use DCM to manage your certificates and the applications that use them. Also, you can learn about how to digitally sign objects and how to create and operate your own Certificate Authority.">Manage DCM</a></div>
</div>
<div class="relconcepts"><strong>Related concepts</strong><br />
<div><a href="rzahurzahucertrevlist.htm" title="A Certificate Revocation List (CRL) is a file that lists all invalid and revoked certificates for a specific Certificate Authority (CA).">Certificate Revocation List (CRL) Locations</a></div>
<div><a href="rzahuvalidation_concept.htm" title="Digital Certificate Manager (DCM) provides tasks that allow you to validate a certificate or to validate an application to verify various properties that they each must have.">Validation</a></div>
</div>
</div>
</body>
</html>