<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow" />
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<meta name="DC.Type" content="concept" />
<meta name="DC.Title" content="Certificate Authority (CA)" />
<meta name="abstract" content="A Certificate Authority (CA) is a trusted central administrative entity that can issue digital certificates to users and servers." />
<meta name="description" content="A Certificate Authority (CA) is a trusted central administrative entity that can issue digital certificates to users and servers." />
<meta name="DC.Relation" scheme="URI" content="rzahurzahu4abunderstanddc.htm" />
<meta name="DC.Relation" scheme="URI" content="rzahudigsig.htm" />
<meta name="DC.Relation" scheme="URI" content="rzahukeypair.htm" />
<meta name="copyright" content="(C) Copyright IBM Corporation 2000, 2006" />
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 2000, 2006" />
<meta name="DC.Format" content="XHTML" />
<meta name="DC.Identifier" content="rzahu02m_certificate_authority" />
<meta name="DC.Language" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
<link rel="stylesheet" type="text/css" href="./ic.css" />
<title>Certificate Authority (CA)</title>
</head>
<body id="rzahu02m_certificate_authority"><a name="rzahu02m_certificate_authority"><!-- --></a>
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
<h1 class="topictitle1">Certificate Authority (CA)</h1>
<div><p>A Certificate Authority (CA) is a trusted central administrative
entity that can issue digital certificates to users and servers. </p>
<p>The trust in the CA is the foundation of trust in the certificate as a
valid credential. A CA uses its private key to create a digital signature
on the certificate that it issues to validate the certificate's origin. Others
can use the CA certificate's public key to verify the authenticity of the
certificates that the CA issues and signs. </p>
<p>A CA can be either a public commercial entity, such as VeriSign, or it
can be a private entity that an organization operates for internal purposes.
Several businesses provide commercial Certificate Authority services for Internet
users. Digital Certificate Manager (DCM) allows you to manage certificates
from both public CAs and private CAs. </p>
<p>Also, you can use DCM to operate your own private Local CA to issue private
certificates to systems and users. When the Local CA issues a user certificate,
DCM automatically associates the certificate with the user's <span class="keyword">iSeries™</span> system
user profile or other user identity. Whether DCM associates the certificate
with a user profile or with a different user identity for the user depends
on whether you configure DCM to work with Enterprise Identity Mapping (EIM).
This association ensures that the access and authorization privileges for the
certificate are the same as those for the owner's user profile.</p>
<p><span class="uicontrol">Trusted root status</span></p>
<p>The term trusted root refers to a special designation that is given to
a Certificate Authority certificate. This trusted root designation allows
a browser or other application to authenticate and accept certificates that
the Certificate Authority (CA) issues. </p>
<p>When you download a Certificate Authority's certificate into your browser,
the browser allows you to designate it as a trusted root. Other applications
that support using certificates must also be configured to trust a CA before
the application can authenticate and trust certificates that a specific CA
issues. </p>
<p>You can use DCM to enable or disable the trust status for a Certificate
Authority (CA) certificate. When you enable a CA certificate, you can specify
that applications can use it to authenticate and accept certificates that
the CA issues. When you disable a CA certificate, you cannot specify that
applications can use it to authenticate and accept certificates that the CA
issues.</p>
<p><span class="uicontrol">Certificate Authority policy data</span></p>
<div class="p">When you create a Local Certificate Authority (CA) with Digital Certificate
Manager, you can specify the policy data for the Local CA. The policy data
for a Local CA describes the signing privileges that it has. The policy data
determines: <ul><li>Whether the Local CA can issue and sign user certificates.</li>
<li>How long certificates that the Local CA issues are valid.</li>
</ul>
</div>
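<p>The signing, trusted root and validity period concepts above, shown with the OpenSSL command line rather than DCM. This is an added example, not IBM's code or a DCM procedure; the CA names, host name, file layout and lifetimes are constructed for illustration.</p>

```shell
#!/bin/sh
# Added example: constructed names, keys and lifetimes; these are not DCM commands.

# make_ca DIR NAME: create a self-signed CA certificate and its private key.
make_ca() {
    mkdir -p "$1" || return 1
    openssl req -x509 -newkey rsa:2048 -nodes -days 3650 \
        -subj "/CN=$2" -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

# issue_cert CA_DIR OUT_PREFIX NAME DAYS: the CA signs a certificate request
# with its private key; DAYS is the validity period the CA grants.
issue_cert() {
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$3" \
        -keyout "$2.key" -out "$2.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$2.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
        -CAcreateserial -days "$4" -out "$2.crt" 2>/dev/null
}

# verify_against ROOT_CERT CERT: succeed only if CERT's signature checks out
# under ROOT_CERT, the one CA certificate the caller has chosen to trust.
verify_against() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>/dev/null
}

# valid_for_days CERT DAYS: succeed if CERT is still valid DAYS from now.
valid_for_days() {
    openssl x509 -in "$1" -noout -checkend $(( $2 * 86400 )) >/dev/null
}

demo() {
    d=$(mktemp -d) || return 1
    make_ca "$d/local" "Example Local CA" || return 1
    make_ca "$d/other" "Unrelated CA" || return 1
    issue_cert "$d/local" "$d/srv" "server.example.internal" 365 || return 1
    if verify_against "$d/local/ca.crt" "$d/srv.crt"; then
        echo "issuing CA trusted: certificate accepted"
    fi
    verify_against "$d/other/ca.crt" "$d/srv.crt" ||
        echo "only an unrelated CA trusted: certificate rejected"
    if valid_for_days "$d/srv.crt" 364; then echo "still valid in 364 days"; fi
    valid_for_days "$d/srv.crt" 366 || echo "no longer valid in 366 days"
    rm -rf "$d"
}
demo
```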
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzahurzahu4abunderstanddc.htm" title="View this information to better understand what digital certificates are and how they work. Learn about the different types of certificates and how you can use them as part of your security policy.">DCM concepts</a></div>
</div>
<div class="relconcepts"><strong>Related concepts</strong><br />
<div><a href="rzahudigsig.htm" title="A digital signature on an electronic document or other object is created by using a form of cryptography and is equivalent to a personal signature on a written document.">Digital signatures</a></div>
<div><a href="rzahukeypair.htm" title="Every digital certificate has a pair of associated cryptographic keys that consist of a private key and a public key.">Public-private key pair</a></div>
</div>
</div>
</body>
</html>