<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow" />
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<meta name="DC.Type" content="concept" />
<meta name="DC.Title" content="Digital certificates for SSL secure communications" />
<meta name="abstract" content="Use this information to learn how to use certificates so that your applications can establish secure communication sessions." />
<meta name="description" content="Use this information to learn how to use certificates so that your applications can establish secure communication sessions." />
<meta name="DC.Relation" scheme="URI" content="rzahurzahu4aagetstarteddcm.htm" />
<meta name="DC.Relation" scheme="URI" content="rzahurzahu4aeauthenticatewcerts.htm" />
<meta name="copyright" content="(C) Copyright IBM Corporation 2000, 2006" />
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 2000, 2006" />
<meta name="DC.Format" content="XHTML" />
<meta name="DC.Identifier" content="rzahu4ad-certs_and_ssl" />
<meta name="DC.Language" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
<link rel="stylesheet" type="text/css" href="./ic.css" />
<title>Digital certificates for SSL secure communications</title>
</head>
<body id="rzahu4ad-certs_and_ssl"><a name="rzahu4ad-certs_and_ssl"><!-- --></a>
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
<h1 class="topictitle1">Digital certificates for SSL secure communications</h1>
<div><p>Use this information to learn how to use certificates
so that your applications can establish secure communication sessions.</p>
<div class="p">You can use digital certificates to <a href="../rzain/rzainoverview.htm">configure applications to use the Secure Sockets Layer (SSL)</a> for
secure communications sessions. To establish an SSL session, your server always
provides a copy of its certificate for validation by the client that requests
a connection. Using an SSL connection: <ul><li>Assures the client or end-user that your site is authentic.</li>
<li>Provides an encrypted communications session to ensure that data that
passes over the connection remains private.</li>
</ul>
</div>
<p>The server and client applications work together as follows to ensure data
security: </p>
<ol><li>The server application presents the certificate to the client (user) application
as proof of the server's identity. </li>
<li>The client application verifies the server's identity against a copy of
the issuing Certificate Authority (CA) certificate. (The client application
must have access to a locally stored copy of the relevant CA certificate.)</li>
<li>The server and client applications agree on a symmetric key for encryption
and use it to encrypt the communications session.</li>
<li>Optionally, the server can now require the client to provide proof of
identity before allowing access to the requested resources. To use certificates
as proof of identity, the communicating applications must support using certificates
for user authentication. </li>
</ol>
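<p>The certificate check in step 2, as an added example that is not part of the original IBM documentation. It uses the openssl command line (assumed to be installed) to show that a client accepts the server certificate only when its locally stored CA certificate is the one that issued it. Example-CA, Other-CA and server.example are constructed test names.</p>

```shell
#!/bin/sh
# Added example: the client-side check from step 2, done with the openssl CLI.
# Example-CA, Other-CA and server.example are constructed test names.
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# make_ca NAME: create a self-signed CA certificate (NAME.crt) and key.
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$1" \
        -keyout "$WORK/$1.key" -out "$WORK/$1.crt" 2>/dev/null
}

# issue_server_cert CA HOST: CA signs a certificate for HOST (HOST.crt).
issue_server_cert() {
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$2" \
        -keyout "$WORK/$2.key" -out "$WORK/$2.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$WORK/$2.csr" -days 1 -CAcreateserial \
        -CA "$WORK/$1.crt" -CAkey "$WORK/$1.key" \
        -out "$WORK/$2.crt" 2>/dev/null
}

# client_trusts CA HOST: succeed only if HOST.crt chains to the client's
# locally stored copy of CA.crt.
client_trusts() {
    openssl verify -CAfile "$WORK/$1.crt" "$WORK/$2.crt" >/dev/null 2>/dev/null
}

# report CA HOST: print the client's decision.
report() {
    if client_trusts "$1" "$2"; then
        echo "client holding $1: server certificate accepted"
    else
        echo "client holding $1: server certificate rejected"
    fi
}

make_ca Example-CA
make_ca Other-CA
issue_server_cert Example-CA server.example
report Example-CA server.example   # client has the issuing CA's certificate
report Other-CA server.example     # client has only an unrelated CA
```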
<p>SSL uses asymmetric key (public key) algorithms during SSL initial processing
to negotiate a symmetric key that is subsequently used for encrypting and
decrypting the application's data for that particular SSL session. This means
that your server and the client use a different session key for each connection,
and each session key automatically expires after a set amount of time. In the unlikely event
that someone intercepts and decrypts a particular session key, that session
key cannot be used to deduce any future keys.</p>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzahurzahu4aagetstarteddcm.htm" title="Use this information to help you decide how and when you might use digital certificates to meet your security goals. Use this information to learn about any prerequisites you need to install, as well as other requirements that you must consider before using DCM.">Plan for DCM</a></div>
</div>
<div class="relconcepts"><strong>Related concepts</strong><br />
<div><a href="rzahurzahu4aeauthenticatewcerts.htm" title="Review this information to learn how to use certificates to provide a means of more strongly authenticating users who access iSeries system resources.">Digital certificates for user authentication</a></div>
</div>
</div>
</body>
</html>