Certificate validation and trust policy design on UNIX and Windows systems
The information in this section applies to the following:
- WebSphere MQ for UNIX systems V6.0.1 and later
- WebSphere MQ for Windows systems V6.0.1 and later
This section details the supported certificate validation trust policy for WebSphere MQ for UNIX and Windows systems. The information is organized first by specification standard (PKIX), then by policy topic: certificate, CRL, and path validation.
Some definitions of terms used in this section:
- certificate policy: Determines which fields in a certificate are understood and processed.
- CRL policy: Determines which fields in a certificate revocation list are understood and processed.
- path validation policy: Determines how the certificate and CRL policy types interact with each other to determine whether a certificate chain (from a trust point "RootCA" to an end-entity "EE") is valid.
The basic and standard policies are described as separate entities because this reflects the implementation within WebSphere MQ for UNIX and Windows systems. That is, there are two separate validation classes. To validate a certificate to standard (RFC 3280) policy, an implementation first needs to validate with the basic policy and then follow this with standard policy validation.
WebSphere MQ for UNIX and Windows systems apply both the basic policy validation and the standard policy (RFC 3280) validation in that order.
- Basic certificate policy
- Basic CRL policy
- Basic path validation policy
- Standard policy (RFC-3280)
- Standard CRL policy
- Standard path validation policy