<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow" />
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<meta name="DC.Type" content="concept" />
<meta name="DC.Title" content="Certificate Authority (CA)" />
<meta name="abstract" content="A Certificate Authority (CA) is a trusted central administrative entity that can issue digital certificates to users and servers." />
<meta name="description" content="A Certificate Authority (CA) is a trusted central administrative entity that can issue digital certificates to users and servers." />
<meta name="DC.Relation" scheme="URI" content="rzahurzahu4abunderstanddc.htm" />
<meta name="DC.Relation" scheme="URI" content="rzahudigsig.htm" />
<meta name="DC.Relation" scheme="URI" content="rzahukeypair.htm" />
<meta name="copyright" content="(C) Copyright IBM Corporation 2000, 2006" />
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 2000, 2006" />
<meta name="DC.Format" content="XHTML" />
<meta name="DC.Identifier" content="rzahu02m_certificate_authority" />
<meta name="DC.Language" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
<link rel="stylesheet" type="text/css" href="./ic.css" />
<title>Certificate Authority (CA)</title>
</head>
<body id="rzahu02m_certificate_authority"><a name="rzahu02m_certificate_authority"><!-- --></a>
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
<h1 class="topictitle1">Certificate Authority (CA)</h1>
<div><p>A Certificate Authority (CA) is a trusted central administrative
entity that can issue digital certificates to users and servers. </p>
<p>The trust in the CA is the foundation of trust in the certificate as a
valid credential. A CA uses its private key to create a digital signature
on the certificate that it issues to validate the certificate's origin. Others
can use the CA certificate's public key to verify the authenticity of the
certificates that the CA issues and signs. </p>
<p>A CA can be either a public commercial entity, such as VeriSign, or it
can be a private entity that an organization operates for internal purposes.
Several businesses provide commercial Certificate Authority services for Internet
users. Digital Certificate Manager (DCM) allows you to manage certificates
from both public CAs and private CAs. </p>
<p>Also, you can use DCM to operate your own private Local CA to issue private
certificates to systems and users. When the Local CA issues a user certificate,
DCM automatically associates the certificate with the user's <span class="keyword">iSeries™</span> system
user profile or other user identity. Whether DCM associates the certificate
with a user profile or with a different user identity for the user depends
on whether you configure DCM to work with Enterprise Identity Mapping (EIM).
This ensures that the access and authorization privileges for the certificate
are the same as those for the owner's user profile.</p>
<p><span class="uicontrol">Trusted root status</span></p>
<p>The term trusted root refers to a special designation that is given to
a Certificate Authority certificate. This trusted root designation allows
a browser or other application to authenticate and accept certificates that
the Certificate Authority (CA) issues. </p>
<p>When you download a Certificate Authority's certificate into your browser,
the browser allows you to designate it as a trusted root. Other applications
that support using certificates must also be configured to trust a CA before
the application can authenticate and trust certificates that a specific CA
issues. </p>
<p>You can use DCM to enable or disable the trust status for a Certificate
Authority (CA) certificate. When you enable a CA certificate, you can specify
that applications can use it to authenticate and accept certificates that
the CA issues. When you disable a CA certificate, you cannot specify that
applications can use it to authenticate and accept certificates that the CA
issues.</p>
<p><span class="uicontrol">Certificate Authority policy data</span></p>
<div class="p">When you create a Local Certificate Authority (CA) with Digital Certificate
Manager, you can specify the policy data for the Local CA. The policy data
for a Local CA describes the signing privileges that it has. The policy data
determines: <ul><li>Whether the Local CA can issue and sign user certificates.</li>
<li>How long certificates that the Local CA issues are valid.</li>
</ul>
</div>
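<p>The CA signature, trusted root status and validity period described above can be reproduced with Go's standard crypto/x509 package. This is an added example, not part of the original page and not DCM code; the helper names issue and accepted and the subject names "Local CA" and "user1" are assumptions made for the illustration.</p>

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// issue (hypothetical helper) signs a cert for cn with the CA's private key; a nil ca gives a self-signed CA.
func issue(cn string, days int, ca *x509.Certificate, caKey *rsa.PrivateKey) (*x509.Certificate, *rsa.PrivateKey) {
	key := must(rsa.GenerateKey(rand.Reader, 2048))
	tmpl := &x509.Certificate{
		SerialNumber: must(rand.Int(rand.Reader, big.NewInt(1<<62))),
		Subject:      pkix.Name{CommonName: cn}, BasicConstraintsValid: true,
		NotBefore:    time.Now().Add(-time.Hour), NotAfter: time.Now().AddDate(0, 0, days),
	}
	if ca == nil { // CA certificate: marked as allowed to sign other certificates
		tmpl.IsCA, tmpl.KeyUsage = true, x509.KeyUsageCertSign
		ca, caKey = tmpl, key
	}
	der := must(x509.CreateCertificate(rand.Reader, tmpl, ca, key.Public(), caKey))
	return must(x509.ParseCertificate(der)), key
}

// accepted (hypothetical helper) verifies cert at time at against the enabled (trusted root) CA certificates.
func accepted(cert *x509.Certificate, at time.Time, enabled ...*x509.Certificate) bool {
	roots := x509.NewCertPool()
	for _, ca := range enabled {
		roots.AddCert(ca)
	}
	_, err := cert.Verify(x509.VerifyOptions{Roots: roots, CurrentTime: at})
	return err == nil
}

func main() {
	ca, caKey := issue("Local CA", 3650, nil, nil) // constructed subject names
	user, _ := issue("user1", 365, ca, caKey)
	fmt.Println(accepted(user, time.Now(), ca), accepted(user, time.Now()))
}
```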
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzahurzahu4abunderstanddc.htm" title="View this information to better understand what digital certificates are and how they work. Learn about the different types of certificates and how you can use them as part of your security policy.">DCM concepts</a></div>
</div>
<div class="relconcepts"><strong>Related concepts</strong><br />
<div><a href="rzahudigsig.htm" title="A digital signature on an electronic document or other object is created by using a form of cryptography and is equivalent to a personal signature on a written document.">Digital signatures</a></div>
<div><a href="rzahukeypair.htm" title="Every digital certificate has a pair of associated cryptographic keys that consist of a private key and a public key.">Public-private key pair</a></div>
</div>
</div>
</body>
</html>