Certificate validation and trust policy design on UNIX and Windows systems

 

The information in this section applies to the following:

This section details the supported certificate validation trust policy for WebSphere MQ for UNIX and Windows systems. The information is organized first by specification standard (PKIX), then by policy topic: certificate, CRL, and path validation.

Some definitions of terms used in this section:

certificate policy

Determines which fields in a certificate are understood and processed.

CRL policy

Determines which fields in a certificate revocation list are understood and processed.

path validation policy

Determines how the certificate and CRL policy types interact with each other to determine whether a certificate chain (from a trust point "RootCA" to an end-entity "EE") is valid.

The basic and standard policies are described as separate entities because this reflects the implementation within WebSphere MQ for UNIX and Windows systems. That is, there are two separate validation classes. To validate a certificate to standard (RFC 3280) policy, an implementation first needs to validate with the basic policy and then follow this with standard policy validation.

WebSphere MQ for UNIX and Windows systems applies both the basic policy validation and the standard policy (RFC 3280) validation, in that order.

 
