ibm-information-center/dist/eclipse/plugins/i5OS.ic.rzahh_5.4.0.1/dcert.htm

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow" />
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<meta name="DC.Type" content="reference" />
<meta name="DC.Title" content="Digital certificates" />
<meta name="abstract" content="Digital certificates are digitally-signed statements used for secured transactions over the internet." />
<meta name="description" content="Digital certificates are digitally-signed statements used for secured transactions over the internet." />
<meta name="copyright" content="(C) Copyright IBM Corporation 2006" />
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 2006" />
<meta name="DC.Format" content="XHTML" />
<meta name="DC.Identifier" content="dcert" />
<meta name="DC.Language" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
<link rel="stylesheet" type="text/css" href="./ic.css" />
<title>Digital certificates</title>
</head>
<body id="dcert"><a name="dcert"><!-- --></a>
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
<h1 class="topictitle1">Digital certificates</h1>
<div><p>Digital certificates are digitally-signed statements used for secured
transactions over the internet.</p>
<div class="section"><p>Digital certificates can be used on servers running i5/OS™ Version
4 Release 3 (V4R3) and later. To make a secure connection using the Secure
Sockets Layer (SSL), a digital certificate is required.</p>
<p>A digital certificate binds an identity to a public key. It
comprises the following (among other fields, such as the issuer name and a serial number):</p>
<ul><li>The public key of the subject (the user or server the certificate identifies)</li>
<li>The name and address of the subject (its distinguished name)</li>
<li>The digital signature of a third-party certification authority (CA). The
signature attests that the CA checked that this public key belongs to the named subject;
it does not by itself mean that the subject is trustworthy for any particular purpose.</li>
<li>The issue date of the certificate (the start of its validity period)</li>
<li>The expiration date of the certificate (the end of its validity period; a certificate
presented outside this period must be rejected)</li>
</ul>
<p>As an administrator of a secured server, you can add a certification
authority's "trusted root key" (the CA's own certificate) to the server. This means that your server
will accept any certificate issued by that particular certification authority, so add only
CAs you have reason to trust, and still check the validity period of every certificate presented.</p>
<p>Digital
certificates also support encryption: the public key carried in the certificate lets a peer
encrypt data, or negotiate a session key as SSL does, that only the holder of the matching private
key can decrypt. The private key is never part of the certificate and must be kept secret;
anyone who obtains it can impersonate the certificate's subject.</p>
<p>You can create digital certificates through
the javakey tool (javakey ships with JDK 1.1; JDK 1.2 and later replace it with keytool). For more information about javakey and Java™ security,
see the <a href="http://java.sun.com/security/index.html" target="_blank">Sun Microsystems, Inc., Java Security page</a> <img src="www.gif" alt="Link outside Information Center" />. The IBM<sup>®</sup> Toolbox for Java licensed program has classes that administer
digital certificates on the iSeries™ server.</p>
<p>The AS400Certificate classes
provide methods to manage X.509 certificates in their ASN.1 (DER) encoded form. Classes are provided
to do the following:</p>
<ul><li>Get and set certificate data.</li>
<li>List certificates by validation list or user profile.</li>
<li>Manage certificates, for example, add a certificate to a user profile
or delete a certificate from a validation list.</li>
</ul>
<p>Using a certificate class causes the AS400 object to connect to the
server. See <a href="mngcon.htm#mngcon">managing connections</a> for
information about managing connections.</p>
<p>On the server, certificates
belong to a validation list or to a user profile.</p>
<ul><li>The <a href="javadoc/com/ibm/as400/access/AS400CertificateUserProfileUtil.html"> AS400CertificateUserProfileUtil</a> class has methods for
managing certificates on a user profile.</li>
<li>The <a href="javadoc/com/ibm/as400/access/AS400CertificateVldlUtil.html"> AS400CertificateVldlUtil</a> class has methods for managing
certificates in a validation list.</li>
</ul>
<p>Using AS400CertificateUserProfileUtil and AS400CertificateVldlUtil
requires that you install base operating system option 34 (Digital Certificate
Manager). These two classes extend <a href="javadoc/com/ibm/as400/access/AS400CertificateUtil.html"> AS400CertificateUtil</a>, an abstract base class
that defines the methods common to both subclasses.</p>
<p>The <a href="javadoc/com/ibm/as400/access/AS400Certificate.html"> AS400Certificate</a> class
provides methods to read and write certificate data. Data is accessed as an
array of bytes holding the ASN.1 encoding. The java.security package (java.security.cert, in Java virtual
machine 1.2 and later) provides classes that parse this array and expose the individual fields
of the certificate, such as the subject, issuer, validity dates and signature. A signed certificate
cannot be edited field by field: any change invalidates the CA's signature, so a changed
certificate must be reissued.</p>
</div>
<div class="section"><h4 class="sectiontitle">Listing certificates</h4><p>To get a list of certificates,
the Java program
must do the following:</p>
<ol><li>Create an AS400 object.</li>
<li>Construct the correct certificate object. Different objects are used for
listing certificates on a user profile (AS400CertificateUserProfileUtil) versus
listing certificates in a validation list (AS400CertificateVldlUtil).</li>
<li>Create selection criteria based on certificate attributes. The <a href="javadoc/com/ibm/as400/access/AS400CertificateAttribute.html"> AS400CertificateAttribute</a> class
contains attributes used as selection criteria. One or more attribute objects
define the criteria that must be met before a certificate is added to the
list. For example, a list might contain only certificates for a certain user
or organization.</li>
<li>Create a <a href="uspace.htm#uspace">user space</a> on the server
and put the certificates into the user space. Large amounts of data can be
generated by a list operation, so the data is put into a user space before it
is retrieved by the Java program. Use the <a href="javadoc/com/ibm/as400/access/AS400CertificateUtil.html#LISTCERTIFICATES(COM.IBM.AS400.ACCESS.AS400CERTIFICATEATTRIBUTE[], JAVA.LANG.STRING)"> listCertificates()</a> method to put the certificates into
the user space; it returns the number of certificates that matched the criteria.</li>
<li>Use the <a href="javadoc/com/ibm/as400/access/AS400CertificateUtil.html#GETCERTIFICATES(JAVA.LANG.STRING, INT, INT)"> getCertificates()</a> method to retrieve certificates from
the user space.</li>
</ol>
</div>
<div class="section" id="dcert__dcertex1"><a name="dcert__dcertex1"><!-- --></a><h4 class="sectiontitle">Example: Listing digital certificates</h4><div class="p">The
following example lists certificates in a validation list. It lists only those
certificates belonging to a certain person. <div class="note"><span class="notetitle">Note:</span> Read the <a href="codedisclaimer.htm#codedisclaimer">Code
example disclaimer</a> for important legal information.</div>
</div>
<pre>import com.ibm.as400.access.*;

public class ListVldlCertificates {
  public static void main(String[] args) throws Exception {
    // Create an AS400 object. The certificates are on this system.
    AS400 sys = new AS400("mySystem.myCompany.com");
    try {
      // Create the certificate object for the validation list.
      AS400CertificateVldlUtil certificateList =
          new AS400CertificateVldlUtil(sys, "/QSYS.LIB/MYLIB.LIB/CERTLIST.VLDL");
      // Create the certificate attribute list. We only want certificates
      // for a single person, so the list consists of only one element.
      AS400CertificateAttribute[] attributeList = new AS400CertificateAttribute[1];
      attributeList[0] =
          new AS400CertificateAttribute(AS400CertificateAttribute.SUBJECT_COMMON_NAME, "Jane Doe");
      // Build the list that matches the criteria. User space "myspace"
      // in library "mylib" is used for storage of the certificates.
      // The user space must exist before calling this API.
      int count = certificateList.listCertificates(attributeList, "/QSYS.LIB/MYLIB.LIB/MYSPACE.USRSPC");
      // Retrieve the certificates from the user space, starting at the first one (index 0).
      AS400Certificate[] certificates =
          certificateList.getCertificates("/QSYS.LIB/MYLIB.LIB/MYSPACE.USRSPC", 0, 8);
      // Process the certificates. count may exceed certificates.length; call
      // getCertificates() again with a higher starting index to fetch the rest.
      for (int i = 0; i &lt; certificates.length; i++) {
        byte[] der = certificates[i].getEncoded();   // raw ASN.1 encoded X.509 bytes
        // parse der with java.security.cert.CertificateFactory to read its fields
      }
    } finally {
      sys.disconnectAllServices();
    }
  }
}</pre>
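<p>The following is an added example, not IBM's code, that carries the listing procedure above through to the point the earlier section only describes: the certificate bytes returned by the Toolbox are parsed with java.security, each certificate is checked against its validity period, and its CA signature is verified against the root you actually trust, for both a validation list and a user profile. The host name, the object paths, the user-profile name JDOE, the CA certificate file path and the subject "Jane Doe" are assumptions; the user space is assumed to exist already, as the page requires.</p>

```java
import java.io.ByteArrayInputStream;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;

import com.ibm.as400.access.AS400;
import com.ibm.as400.access.AS400Certificate;
import com.ibm.as400.access.AS400CertificateAttribute;
import com.ibm.as400.access.AS400CertificateUtil;
import com.ibm.as400.access.AS400CertificateUserProfileUtil;
import com.ibm.as400.access.AS400CertificateVldlUtil;

/**
 * Added example (not IBM code): list certificates from a validation list and a
 * user profile, parse each with java.security, and report which ones are
 * unexpired and genuinely signed by the CA whose root we trust.
 */
public class CertificateAudit {

    // Assumed names: replace with your own system, objects and CA file.
    static final String SYSTEM       = "mySystem.myCompany.com";
    static final String VLDL_PATH    = "/QSYS.LIB/MYLIB.LIB/CERTLIST.VLDL";
    static final String USRPRF_PATH  = "/QSYS.LIB/JDOE.USRPRF";
    static final String USRSPC_PATH  = "/QSYS.LIB/MYLIB.LIB/MYSPACE.USRSPC"; // must already exist
    static final String CA_CERT_FILE = "/home/jdoe/myca.cer";               // DER or PEM, assumed path

    /** Pull every certificate matching the criteria out of the user space, page by page. */
    static List<AS400Certificate> listAll(AS400CertificateUtil util,
                                          AS400CertificateAttribute[] criteria) throws Exception {
        int total = util.listCertificates(criteria, USRSPC_PATH);
        List<AS400Certificate> all = new ArrayList<AS400Certificate>();
        int next = 0;
        while (next < total) {
            // Start at index 'next'; the last argument sizes the retrieval buffer,
            // so one call may return fewer than 'total' certificates.
            AS400Certificate[] page = util.getCertificates(USRSPC_PATH, next, 8);
            if (page == null || page.length == 0) break;
            for (AS400Certificate c : page) all.add(c);
            next += page.length;
        }
        return all;
    }

    /** Parse the ASN.1 bytes, then check the validity period and the issuer's signature. */
    static String check(byte[] der, X509Certificate trustedCa) throws Exception {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        X509Certificate cert = (X509Certificate) cf.generateCertificate(new ByteArrayInputStream(der));
        String subject = cert.getSubjectX500Principal().getName();
        try {
            cert.checkValidity();                  // notBefore <= now <= notAfter, else throws
            cert.verify(trustedCa.getPublicKey()); // signature made with the CA's private key, else throws
            // Note: this verifies direct issuance by this CA only; longer chains need CertPathValidator,
            // and revocation (CRL/OCSP) is not checked here.
            return "OK      " + subject + " (serial " + cert.getSerialNumber().toString(16) + ")";
        } catch (GeneralSecurityException e) {
            return "REJECT  " + subject + ": " + e.getClass().getSimpleName() + ": " + e.getMessage();
        }
    }

    public static void main(String[] args) throws Exception {
        // Load the trusted root ("trusted root key") from a file on the client.
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        X509Certificate ca;
        try (InputStream in = new FileInputStream(CA_CERT_FILE)) {
            ca = (X509Certificate) cf.generateCertificate(in);
        }

        AS400 sys = new AS400(SYSTEM);
        try {
            // Same selection as the page's example: certificates for one subject common name.
            AS400CertificateAttribute[] criteria = {
                new AS400CertificateAttribute(AS400CertificateAttribute.SUBJECT_COMMON_NAME, "Jane Doe")
            };
            // Both containers extend AS400CertificateUtil, so the same code audits either.
            AS400CertificateUtil[] containers = {
                new AS400CertificateVldlUtil(sys, VLDL_PATH),
                new AS400CertificateUserProfileUtil(sys, USRPRF_PATH)
            };
            for (AS400CertificateUtil util : containers) {
                for (AS400Certificate c : listAll(util, criteria)) {
                    System.out.println(check(c.getEncoded(), ca));
                }
            }
        } finally {
            sys.disconnectAllServices();
        }
    }
}
```

<p>Run it as a normal Java program with the Toolbox jar on the class path; the Toolbox prompts for or uses the credentials held by the AS400 object. The audit reuses one user space for both containers, so each listCertificates() call replaces the previous list; use separate user spaces if you need both lists at once.</p>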
</div>
</div>
</body>
</html>