
Certificates

Digitally signed X.509 certificates are used to establish SSL connections. Information found in an X.509 certificate includes the distinguished name, validity dates, public key information, and the certificate signature. The contents are signed in one of these ways:

    Certificate authority (CA): A trusted third-party organization or company that issues the digital certificates. The certificate authority typically verifies the identity of the individuals who are granted the unique certificate. Server-side ports that accept connections from the general public must use CA-signed certificates. Most clients and browsers already have the signer certificate that can validate the X.509 certificate, so signer exchange is not necessary for a successful connection.
    Root certificate: The certificate at the top of a tree structure, held in either NodeDefaultRootStore or DmgrDefaultRootStore. Certificates signed by the root certificate inherit the trustworthiness of the root certificate.
    Self-signed: Use with a peer in a controlled environment, such as internal network communications. To complete a handshake, we must first send a copy of the entity certificate to every peer that connects to the entity.

Types of certificates:

    Personal certificates: Contain both the public and private keys. A personal certificate represents the entity that owns it during a handshake.
    Signer certificates: Contain just the public key. A signer certificate verifies the signature of the identity received during a peer-to-peer handshake.
    Chained certificates: A personal certificate signed by a root certificate. We can refresh the personal certificate without affecting the trust established. Chained certificates replace the self-signed certificate. We can import our own, or change the distinguished name of the one created by default. Change the default keystore password. Signer certificates from the self-signed certificate that were distributed across the security configuration are replaced with the signer certificates from the root certificate used to sign the chained certificate. A default chained certificate is created at profile creation and stored in the default keystore. The root signer (public key) of the chained certificate is added to the default truststore.
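
The refresh property of chained certificates, and the contrast with self-signed certificates, shown with the OpenSSL command line as an added example (not WebSphere tooling and not code from this page). The names Demo Root, node01 and peer, and the temporary file layout, are constructed for the illustration.

```shell
# Added example: "Demo Root", "node01" and "peer" are constructed names.
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Minimal OpenSSL config so the root gets CA:TRUE regardless of system defaults.
cat > "$WORK/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Demo Root
[v3_ca]
basicConstraints = critical,CA:TRUE
EOF

# Root certificate: self-signed, used only to sign personal certificates.
make_root() {
  openssl req -x509 -config "$WORK/ca.cnf" -newkey rsa:2048 -nodes -days 30 \
    -keyout "$WORK/root.key" -out "$WORK/root.pem" 2>/dev/null
}

# Chained personal certificate: new key pair for $1, signed by the root.
issue_personal() {
  openssl req -new -config "$WORK/ca.cnf" -subj "/CN=$1" -newkey rsa:2048 -nodes \
    -keyout "$WORK/$1.key" -out "$WORK/$1.csr" 2>/dev/null &&
  openssl x509 -req -in "$WORK/$1.csr" -CA "$WORK/root.pem" -CAkey "$WORK/root.key" \
    -CAcreateserial -days 30 -out "$WORK/$1.pem" 2>/dev/null
}

# Self-signed personal certificate: it is its own signer.
make_self_signed() {
  openssl req -x509 -config "$WORK/ca.cnf" -subj "/CN=$1" -newkey rsa:2048 -nodes \
    -days 30 -keyout "$WORK/$1.key" -out "$WORK/$1.pem" 2>/dev/null
}

# Does a truststore holding only signer certificate $1 validate certificate $2?
trusts() { openssl verify -CAfile "$WORK/$1.pem" "$WORK/$2.pem" >/dev/null 2>&1; }
fingerprint() { openssl x509 -in "$WORK/$1.pem" -noout -fingerprint -sha256; }

demo() {
  make_root && issue_personal node01 && before=$(fingerprint node01)
  issue_personal node01   # refresh: new key pair and certificate, same root
  [ "$before" != "$(fingerprint node01)" ] && trusts root node01 &&
    echo "refreshed node01 certificate validates against the unchanged root signer"
  make_self_signed peer
  trusts root peer || echo "self-signed peer is rejected until its signer is distributed"
  if trusts peer peer; then echo "peer validates once peer.pem is in the truststore"; fi
}
demo
```

The truststore here is a single PEM file holding one signer certificate, which stands in for the default truststore the page describes.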