Digital certificates for user authentication

 

Review this information to learn how to use certificates to authenticate users who access System i™ resources more strongly than user names and passwords allow.

Traditionally, users receive access to resources from an application or system based on their user name and password. You can further augment system security by using digital certificates (instead of user names and passwords) to authenticate and authorize sessions between many server applications and users. Also, you can use Digital Certificate Manager (DCM) to associate a user's certificate with that user's System i user profile or another user identity. The certificate then has the same authorizations and permissions as the associated user identity or user profile. Alternatively, you can use APIs to programmatically use your private local Certificate Authority (CA) to issue certificates to users other than System i users. These APIs provide you with the ability to issue private certificates to users when you do not want these users to have a System i user profile or other internal user identity.

A digital certificate acts as an electronic credential and verifies that the person presenting it is truly who she claims to be. In this respect, a certificate is similar to a passport. Both establish an individual's identity, contain a unique number for identification purposes, and have a recognizable issuing authority that verifies the credential as authentic. In the case of a certificate, a CA functions as the trusted third party that issues the certificate and verifies it as an authentic credential.

For authentication purposes, certificates make use of a public key and a related private key. The issuing CA binds these keys, along with other information about the certificate owner, to the certificate itself for identification purposes.

An increasing number of applications now provide support for using certificates for client authentication during an SSL session. Currently, these System i applications provide client authentication certificate support:

Over time, additional applications may provide client authentication certificate support; review the documentation for specific applications to determine whether they provide this support.
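The association between a certificate and a user identity, described above, can be sketched outside DCM as follows. This is an added example, not IBM or DCM code: it models the step a server performs after an SSL handshake with client authentication, and the CA name, serial number, user profile `JSMITH`, and sample certificate are constructed assumptions.

```python
import ssl

# Constructed values: the private local CA and one certificate-to-profile association.
TRUSTED_ISSUER = "CN=Example Local CA,O=Example Corp"
ASSOCIATIONS = {(TRUSTED_ISSUER, "0A1B2C"): "JSMITH"}  # (issuer DN, serial) -> user profile

_SHORT = {"commonName": "CN", "organizationName": "O",
          "organizationalUnitName": "OU", "countryName": "C"}

def server_context():
    """TLS server context that refuses sessions without a client certificate.
    A real server also calls load_cert_chain() and load_verify_locations()."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx

def dn_string(rdns):
    """Flatten the nested RDN tuples from SSLSocket.getpeercert() into 'CN=...,O=...'."""
    return ",".join(f"{_SHORT.get(k, k)}={v}" for rdn in rdns for k, v in rdn)

def user_for_certificate(cert, now):
    """Return the user profile associated with a validated client certificate,
    or None to deny. `cert` has the shape of getpeercert(); `now` is epoch seconds."""
    if not cert:
        return None                      # no certificate presented
    not_before = ssl.cert_time_to_seconds(cert["notBefore"])
    not_after = ssl.cert_time_to_seconds(cert["notAfter"])
    if not (not_before <= now <= not_after):
        return None                      # outside validity period (defence in depth)
    issuer = dn_string(cert["issuer"])
    if issuer != TRUSTED_ISSUER:
        return None                      # issued by a CA we do not map identities for
    # Fail closed: a valid certificate with no association gets no identity.
    return ASSOCIATIONS.get((issuer, cert["serialNumber"].upper()))

# Constructed sample in the format getpeercert() returns.
SAMPLE_CERT = {
    "subject": ((("commonName", "Jane Smith"),),),
    "issuer": ((("commonName", "Example Local CA"),),
               (("organizationName", "Example Corp"),)),
    "serialNumber": "0A1B2C",
    "notBefore": "Jan 15 00:00:00 2024 GMT",
    "notAfter": "Jan 15 00:00:00 2026 GMT",
}
```

The association is keyed on issuer and serial number rather than the subject name alone, so a certificate with the same subject from a different CA does not inherit the user's authorizations.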

Certificates can provide a stronger means of authenticating users for several reasons:

 
