<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow" />
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<meta name="DC.Type" content="task" />
<meta name="DC.Title" content="Create and operate a Local CA" />
<meta name="DC.Relation" scheme="URI" content="rzahudcmpublicaccessscen.htm" />
<meta name="DC.Relation" scheme="URI" content="rzahustep2configurethehumanresourceshttpservertousessl.htm" />
<meta name="DC.Relation" scheme="URI" content="rzahustep4configureclientauthenticationforhumanresourceswebserver.htm" />
<meta name="copyright" content="(C) Copyright IBM Corporation 2000, 2006" />
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 2000, 2006" />
<meta name="DC.Format" content="XHTML" />
<meta name="DC.Identifier" content="rzahustep3createandoperatealocalca" />
<meta name="DC.Language" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
<link rel="stylesheet" type="text/css" href="./ic.css" />
<title>Create and operate a Local CA</title>
</head>
<body id="rzahustep3createandoperatealocalca"><a name="rzahustep3createandoperatealocalca"><!-- --></a>
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
<h1 class="topictitle1">Create and operate a Local CA</h1>
<div><div class="section"><p>After you configure the human resources HTTP Server to use Secure
Sockets Layer (SSL), you must configure a certificate for the server to use
to initiate SSL. Based on the objectives for this scenario, you have chosen
to create and operate a Local Certificate Authority (CA) to issue a certificate
to the server. </p>
<p>When you use Digital Certificate Manager (DCM) to create
a Local CA, you are guided through a process that ensures that you configure
everything that you need to enable SSL for your application. This includes
assigning the certificate that the Local CA issues to your Web server application.
Also, you add the Local CA to the Web server application's CA trust list.
Having the Local CA in the application's trust list ensures that the application
can recognize and authenticate users who present certificates that the Local
CA issues.</p>
<p>To use Digital Certificate Manager (DCM) to create and operate
a Local CA and issue a certificate to your human resources server application,
complete these steps:</p>
</div>
<ol><li class="stepexpand"><span><a href="rzahurzahu66adcmstart.htm#rzahu66a-dcm_start">Start
DCM</a>.</span></li>
<li class="stepexpand"><span>In the navigation frame of DCM, select <span class="uicontrol">Create a Certificate
Authority (CA)</span> to display a series of forms.</span> These
forms guide you through the process of creating a Local CA and completing
other tasks needed to begin using digital certificates for SSL, object signing,
and signature verification. <div class="note"><span class="notetitle">Note:</span> If you have questions about how to complete
a specific form in this guided task, select the question mark (<span class="uicontrol">?</span>)
button at the top of the page to access the online help. </div>
</li>
<li class="stepexpand"><span>Complete the forms for this guided task. As you use these forms to
perform all the tasks needed to set up a working Local Certificate
Authority (CA), you complete the following steps: </span><ol type="a"><li class="substepexpand"><span>Provide identifying information for the Local CA. </span></li>
<li class="substepexpand"><span>Install the Local CA certificate on your PC or in your browser
so that your software can recognize the Local CA and validate certificates
that the Local CA issues. </span></li>
<li class="substepexpand"><span>Choose the policy data for your Local CA. </span> <div class="note"><span class="notetitle">Note:</span> Be
sure to specify that the Local CA can issue user certificates.</div>
</li>
<li class="substepexpand"><span>Use the new Local CA to issue a server or client certificate
that your applications can use for SSL connections. </span></li>
<li class="substepexpand"><span>Select the applications that can use the server or client certificate
for SSL connections. </span> <div class="note"><span class="notetitle">Note:</span> Be sure to select the application
ID for your human resources HTTP Server.</div>
</li>
<li class="substepexpand"><span>Use the new Local CA to issue an object signing certificate
that applications can use to digitally sign objects.</span> This subtask
creates the *OBJECTSIGNING certificate store; this is the certificate store
that you use to manage object signing certificates. <div class="note"><span class="notetitle">Note:</span> Although this scenario
does not use object signing certificates, be sure to complete this step. If
you cancel at this point in the task, the task ends and you must perform separate
tasks to complete your SSL certificate configuration.</div>
</li>
<li class="substepexpand"><span>Select the applications that will trust the Local CA. </span> <div class="note"><span class="notetitle">Note:</span> Be sure to select the application ID for your human resources
HTTP Server, for example, <samp class="codeph">QIBM_HTTP_SERVER_MYCOTEST</samp>, as one
of the applications that trusts the Local CA. </div>
</li>
</ol>
</li>
</ol>
<div class="section"><p>When you complete the certificate configuration that your Web server
application requires to use SSL, you can configure the Web server to require
certificates for user authentication.</p>
</div>
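<div class="section"><p>The trust-list behavior described in this topic, reproduced with OpenSSL as an added example; it is not part of the IBM documentation and is not a DCM procedure. OpenSSL stands in for DCM here, and the names <samp class="codeph">LocalCA</samp>, <samp class="codeph">OtherCA</samp>, <samp class="codeph">MyCo</samp>, and <samp class="codeph">hr.myco.example</samp> are constructed.</p>

```shell
#!/bin/sh
# Added illustration: OpenSSL stands in for DCM; every name below is constructed.
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
CNF="$WORK/ssl.cnf"
# Minimal config so the CA certificates carry basicConstraints CA:TRUE.
printf '%s\n' '[req]' 'distinguished_name=dn' 'x509_extensions=ca' '[dn]' \
  '[ca]' 'basicConstraints=critical,CA:TRUE' \
  'keyUsage=critical,keyCertSign,cRLSign' > "$CNF"

# make_ca NAME: self-signed CA certificate, the analogue of the Local CA.
make_ca() {
  openssl req -x509 -config "$CNF" -newkey rsa:2048 -nodes -sha256 -days 30 \
    -subj "/O=MyCo/CN=$1" -keyout "$WORK/$1.key" -out "$WORK/$1.pem" 2>/dev/null
}

# issue CA COMMON_NAME OUT: have CA sign a server or user certificate.
issue() {
  openssl req -new -config "$CNF" -newkey rsa:2048 -nodes \
    -subj "/O=MyCo/CN=$2" -keyout "$WORK/$3.key" -out "$WORK/$3.csr" 2>/dev/null
  openssl x509 -req -in "$WORK/$3.csr" -CA "$WORK/$1.pem" \
    -CAkey "$WORK/$1.key" -CAcreateserial -days 30 -sha256 \
    -out "$WORK/$3.pem" 2>/dev/null
}

# trusted_by CA CERT: succeeds only if CERT chains to the single CA that
# makes up the application's trust list in this example.
trusted_by() {
  openssl verify -CAfile "$WORK/$1.pem" "$WORK/$2.pem" >/dev/null 2>/dev/null
}

make_ca LocalCA                         # the CA the application trusts
make_ca OtherCA                         # a CA that is not in the trust list
issue LocalCA hr.myco.example server    # server certificate for SSL
issue LocalCA "HR User" user            # user certificate from the Local CA
issue OtherCA "Outside User" outsider   # user certificate from another CA

for cert in server user outsider; do
  if trusted_by LocalCA "$cert"; then
    echo "$cert: accepted by a trust list containing LocalCA"
  else
    echo "$cert: rejected by a trust list containing LocalCA"
  fi
done
```

<p>Only the certificates that the trusted CA issued pass the check; the certificate from the second CA is rejected even though it is otherwise valid.</p>
</div>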
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzahudcmpublicaccessscen.htm" title="In this scenario, you learn how to use certificates as an authentication mechanism to protect and restrict which resources and applications internal users can access on your internal servers.">Scenario: Use certificates for internal authentication</a></div>
<div class="previouslink"><strong>Previous topic:</strong> <a href="rzahustep2configurethehumanresourceshttpservertousessl.htm">Configure the human resources HTTP Server to use SSL</a></div>
<div class="nextlink"><strong>Next topic:</strong> <a href="rzahustep4configureclientauthenticationforhumanresourceswebserver.htm">Configure client authentication for human resources Web server</a></div>
</div>
</div>
</body>
</html>