Managing DCM

 

After you configure Digital Certificate Manager (DCM), there are a number of certificate management tasks that you will need to perform over time.

To learn how to use DCM to manage your digital certificates, review these topics:

• Using a local CA to issue certificates for other System i models
  Review this information to learn how to use a private local CA on one system to issue certificates for use on other System i™ models.

• Managing applications in DCM
  Digital Certificate Manager (DCM) allows you to create application definitions and manage an application's certificate assignment. You can also define CA trust lists that applications use as the basis of accepting certificates for client authentication.

• Managing certificates by expiration
  Digital Certificate Manager (DCM) provides certificate expiration management support to allow administrators to manage server or client certificates, object signing certificates, and user certificates by expiration date on the local system.

• Validating certificates and applications
  You can use Digital Certificate Manager (DCM) to validate individual certificates or the applications that use them. The list of things that DCM checks differs slightly depending on whether you are validating a certificate or an application.

• Assigning a certificate to applications
  Digital Certificate Manager (DCM) allows you to assign a certificate quickly and easily to multiple applications. You can assign a certificate to multiple applications in the *SYSTEM or *OBJECTSIGNING certificate stores only.

• Managing CRL locations
  Digital Certificate Manager (DCM) allows you to define and manage Certificate Revocation List (CRL) location information for a specific Certificate Authority (CA) to use as part of the certificate validation process.

• Storing certificate keys on an IBM Cryptographic Coprocessor
  Review this information to learn how to use an installed coprocessor to provide more secure storage for your certificates' private keys.

• Managing the request location for a PKIX CA
  A Public Key Infrastructure for X.509 (PKIX) Certificate Authority (CA) is a CA that issues certificates based on the newest Internet X.509 standards for implementing a public key infrastructure.

• Managing LDAP location for user certificates
  Review this information to learn how to configure DCM to store user certificates in a Lightweight Directory Access Protocol (LDAP) server directory location to extend Enterprise Identity Mapping to work with user certificates.

• Signing objects
  Use this information to learn how to use DCM to manage certificates that you use to digitally sign objects to ensure their integrity.

• Verifying object signatures
  You can use Digital Certificate Manager (DCM) to verify the authenticity of digital signatures on objects. When you verify the signature, you ensure that the data in the object has not been changed since the object owner signed the object.

 

Parent topic:

Digital Certificate Manager (DCM)