DCM scenarios

 

These scenarios illustrate typical certificate implementation schemes to help you plan your own certificate implementation as part of your System i™ security policy. Each scenario also provides all needed configuration tasks perform to employ the scenario as described.

Using Digital Certificate Manager (DCM) and the System i platform allow you to use certificates to enhance your security policy in a number of different ways. How you choose to use certificates varies based on both your business objectives and your security needs.

Using digital certificates can help you improve your security in a number of ways. Digital certificates allow you to use the Secure Sockets Layer (SSL) for secure access to Web sites and other Internet services. You can use digital certificates to configure your virtual private network (VPN) connections. Also, you can use a certificate's key to digitally sign objects or to verify digital signatures to ensure the authenticity of objects. Such digital signatures ensure the reliability of an object's origin and protect the integrity of the object.

You can further augment system security by using digital certificates (instead of user names and passwords) to authenticate and authorize sessions between the server and users. Also, depending on how you configure DCM, you can use DCM to associate a user's certificate with his or her System i user profile or an Enterprise Identity Mapping (EIM) identifier. The certificate then has the same authorizations and permissions as the associated user profile.

Consequently, how you choose to use certificates can be complicated and depends on a variety of factors. The scenarios provided in this topic describe some of the more common digital certificate security objectives for secure communication within typical business contexts. Each scenario also describes all necessary system and software prerequisites and all the configuration tasks that perform to carry out the scenario.

 

Parent topic:

Digital Certificate Manager (DCM)
Related information
Object signing scenarios