Managing certificates from a public Internet CA

 

Review this information to learn how to manage certificates from a public Internet CA by creating a certificate store.

After careful review of your security needs and policies, you have decided that you want to use certificates from a public Internet Certificate Authority (CA), such as VeriSign. For example, you operate a public Web site and want to use the Secure Sockets Layer (SSL) for secure communication sessions to ensure the privacy of certain information transactions. Because the Web site is available to the general public, you want to use certificates that most Web browsers can recognize readily.

Or, you develop applications for external customers and want to use a public certificate to digitally sign the application packages. By signing the application package, your customers can be sure that the package came from your company and that unauthorized parties have not altered the code while it was in transit. You want to use a public certificate so that your customers can easily and inexpensively verify the digital signature on the package. You can also use this certificate to verify the signature before sending the package to your customers.

You can use the guided tasks in Digital Certificate Manager (DCM) to centrally manage these public certificates and the applications that use them for establishing SSL connections, signing objects, or verifying the authenticity of digital signatures on objects.

Manage public certificates

When you use DCM to manage certificates from a public Internet CA, first create a certificate store. A certificate store is a special key database file that DCM uses to store digital certificates and their associated private keys. DCM allows you to create and manage several types of certificate stores based on the types of certificates that they contain.

The type of certificate store that you create, and the subsequent tasks that perform for managing your certificates and the applications that use them, depends on how you plan to use your certificates.

DCM also allows you to manage certificates that you obtain from a Public Key Infrastructure for X.509 (PKIX) Certificate Authority. To learn how to use DCM to create the appropriate certificate store and manage public Internet certificates for your applications, review these topics:

• Managing public Internet certificates for SSL communications sessions
  You can use Digital Certificate Manager (DCM) to manage public Internet certificates for your applications to use for establishing secure communications sessions with the Secure Sockets Layer (SSL).

• Managing public Internet certificates for signing objects
  You can use Digital Certificate Manager (DCM) to manage public Internet certificates to digitally sign objects.

• Managing certificates for verifying object signatures
  You can use Digital Certificate Manager (DCM) to manage the signature verification certificates that you use to validate digital signatures on objects.

 

Parent topic:

Setting up certificates for the first time

Related concepts
Public certificates versus private certificates Digital certificates for VPN connections

Related tasks
Managing the request location for a PKIX CA