DCM concepts
Before you start using digital certificates to enhance your system and network security policy, you need to understand what they are and what security benefits they provide.
A digital certificate is a digital credential that validates the identity of the certificate's owner, much as a passport does. The identification information that a digital certificate provides is known as the subject distinguished name. A trusted party, called a Certificate Authority (CA), issues digital certificates to users or to organizations. The trust in the CA is the foundation of trust in the certificate as a valid credential.
A digital certificate also contains a public key, which is part of a public-private key pair. A variety of security functions rely on the use of digital certificates and their associated key pairs. You can use digital certificates to configure Secure Sockets Layer (SSL) sessions to ensure private, secure communication sessions between users and your server applications. You can extend this security by configuring many SSL-enabled applications to require certificates instead of user names and passwords for more secure user authentication.
To learn more about digital certificate concepts, review these topics:
- Certificate extensions
Certificate extensions are information fields that provide additional information about the certificate.
- Certificate renewal
The certificate renewal process that Digital Certificate Manager (DCM) uses varies based on the type of Certificate Authority (CA) that issued the certificate.
- Distinguished name
Use this information to learn about the identification characteristics of digital certificates.
- Digital signatures
A digital signature on an electronic document or other object is created by using a form of cryptography and is equivalent to a personal signature on a written document.
- Public-private key pair
Every digital certificate has a pair of associated cryptographic keys that consist of a private key and a public key.
- Certificate Authority (CA)
A Certificate Authority (CA) is a trusted central administrative entity that can issue digital certificates to users and servers.
- Certificate Revocation List (CRL) Locations
A Certificate Revocation List (CRL) is a file that lists all invalid and revoked certificates for a specific Certificate Authority (CA).
- Certificate stores
A certificate store is a special key database file that Digital Certificate Manager (DCM) uses to store digital certificates.
- Cryptography
Shared and public keys are two different types of cryptographic functions that digital certificates use to provide security.
- IBM Cryptographic Coprocessors for System i
The cryptographic coprocessor provides proven cryptographic services, ensuring privacy and integrity, for developing secure e-business applications.
- Secure Sockets Layer (SSL)
The Secure Sockets Layer (SSL), originally created by Netscape, is the industry standard for session encryption between clients and servers.
- Application definitions
Digital Certificate Manager (DCM) allows you to manage application definitions that will work with SSL configurations and object signing.
- Validation
Digital Certificate Manager (DCM) provides tasks that allow you to validate a certificate or to validate an application to verify various properties that they each must have.