90 lines
6.5 KiB
HTML
90 lines
6.5 KiB
HTML
<?xml version="1.0" encoding="UTF-8"?>
|
|
<!DOCTYPE html
|
|
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
|
|
<html lang="en-us" xml:lang="en-us">
|
|
<head>
|
|
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
|
|
<meta name="security" content="public" />
|
|
<meta name="Robots" content="index,follow" />
|
|
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
|
|
<meta name="DC.Type" content="task" />
|
|
<meta name="DC.Title" content="Define a CA trust list for an application" />
|
|
<meta name="abstract" content="Applications that support the use of certificates for client authentication during a Secure Sockets Layer (SSL) session must determine whether to accept a certificate as valid proof of identity. One of the criteria that an application uses for authenticating a certificate is whether the application trusts the Certificate Authority (CA) that issued the certificate." />
|
|
<meta name="description" content="Applications that support the use of certificates for client authentication during a Secure Sockets Layer (SSL) session must determine whether to accept a certificate as valid proof of identity. One of the criteria that an application uses for authenticating a certificate is whether the application trusts the Certificate Authority (CA) that issued the certificate." />
|
|
<meta name="DC.Relation" scheme="URI" content="rzahurzahu444worksecureapps.htm" />
|
|
<meta name="copyright" content="(C) Copyright IBM Corporation 2000, 2006" />
|
|
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 2000, 2006" />
|
|
<meta name="DC.Format" content="XHTML" />
|
|
<meta name="DC.Identifier" content="mng_ca_app_trust" />
|
|
<meta name="DC.Language" content="en-us" />
|
|
<!-- All rights reserved. Licensed Materials Property of IBM -->
|
|
<!-- US Government Users Restricted Rights -->
|
|
<!-- Use, duplication or disclosure restricted by -->
|
|
<!-- GSA ADP Schedule Contract with IBM Corp. -->
|
|
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
|
|
<link rel="stylesheet" type="text/css" href="./ic.css" />
|
|
<title>Define a CA trust list for an application</title>
|
|
</head>
|
|
<body id="mng_ca_app_trust"><a name="mng_ca_app_trust"><!-- --></a>
|
|
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
|
|
<h1 class="topictitle1">Define a CA trust list for an application</h1>
|
|
<div><p>Applications that support the use of certificates for client authentication
|
|
during a Secure Sockets Layer (SSL) session must determine whether to accept
|
|
a certificate as valid proof of identity. One of the criteria that an application
|
|
uses for authenticating a certificate is whether the application trusts the
|
|
Certificate Authority (CA) that issued the certificate.</p>
|
|
<div class="section"> <p>You can use Digital Certificate Manager (DCM) to
|
|
define which CAs an application can trust when performing client authentication
|
|
for certificates. You manage the CAs that an application trusts through a
|
|
CA trust list. </p>
|
|
<div class="p">Before you can define a CA trust list for an application,
|
|
several conditions must be met: <ul><li>The application must support the use of certificates for client authentication.</li>
|
|
<li>The definition for the application must specify that the application use
|
|
a CA trust list.</li>
|
|
</ul>
|
|
</div>
|
|
<p>If the definition for an application specifies that the application
|
|
use a CA trust list, you must define the list before the application can perform
|
|
certificate client authentication successfully. This ensures that the application
|
|
can validate only those certificates from CAs that you specify as trusted.
|
|
If users or a client application present a certificate from a CA that is not
|
|
specified as trusted in the CA trust list, the application will not accept
|
|
it as a basis for valid authentication.</p>
|
|
<p>When you add a CA to the trust
|
|
list for an application, you must ensure that the CA is enabled as well.</p>
|
|
<p>To
|
|
define a CA trust list for an application, follow these steps: </p>
|
|
</div>
|
|
<ol><li class="stepexpand"><span><a href="rzahurzahu66adcmstart.htm#rzahu66a-dcm_start">Start
|
|
DCM</a>. </span></li>
|
|
<li class="stepexpand"><span>Click <span class="uicontrol">Select a Certificate Store</span> and select <span class="uicontrol">*SYSTEM</span> as
|
|
the certificate store to open. </span> <div class="note"><span class="notetitle">Note:</span> If you have questions about
|
|
how to complete a specific form in this guided task, select the question mark
|
|
(<span class="uicontrol">?</span>) at the top of the page to access the online help. </div>
|
|
</li>
|
|
<li class="stepexpand"><span>When the Certificate Store and Password page displays, provide
|
|
the password that you specified for the certificate store when you created
|
|
it and click <span class="uicontrol">Continue</span>.</span></li>
|
|
<li class="stepexpand"><span>In the navigation frame, select <span class="uicontrol">Manage Applications</span> to
|
|
display a list of tasks.</span></li>
|
|
<li class="stepexpand"><span>From the task list, select <span class="uicontrol">Define CA trust list</span>.</span></li>
|
|
<li class="stepexpand"><span>Select the type of application (server or client) for which you
|
|
want to define the list and click <span class="uicontrol">Continue</span>. </span></li>
|
|
<li class="stepexpand"><span>Select an application from the list and click <span class="uicontrol">Continue</span> to
|
|
display a list of CA certificates that you use to define the trust list. </span></li>
|
|
<li class="stepexpand"><span>Select the CAs that the application will trust and click <span class="uicontrol">OK</span>.
|
|
DCM displays a message to confirm your trust list selections.</span> <div class="note"><span class="notetitle">Note:</span> You
|
|
can either select individual CAs from the list or you can specify that the
|
|
application will trust all or trust none of the CAs in the list. Also, you
|
|
can view or validate the CA certificate before you add it to the trust list.</div>
|
|
</li>
|
|
</ol>
|
|
<div class="section"></div>
|
|
</div>
|
|
<div>
|
|
<div class="familylinks">
|
|
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzahurzahu444worksecureapps.htm" title="This topic provides information about creating application definitions and how to manage an application's certificate assignment. You can learn about defining CA trust lists that applications use as the basis of accepting certificates for client authentication.">Manage applications in DCM</a></div>
|
|
</div>
|
|
</div>
|
|
</body>
|
|
</html> |