Creating and operating a local CA


After you configure the human resources HTTP Server to use Secure Sockets Layer (SSL), configure a certificate for the server to use to initiate SSL. Based on the objectives for this scenario, you have chosen to create and operate a local Certificate Authority (CA) to issue a certificate to the server.

When you use Digital Certificate Manager (DCM) to create a local CA, you are guided through a process that ensures that you configure everything that you need to enable SSL for your application. This includes assigning the certificate that the local CA issues to your Web server application. Also, you add the local CA to the Web server application's CA trust list. Having the local CA in the application's trust list ensures that the application can recognize and authenticate users that present certificates that the local CA issues.

To use Digital Certificate Manager (DCM) to create and operate a local CA and issue a certificate to your human resources server application, complete these steps:

  1. Start DCM. Refer to Starting DCM.

  2. In the navigation frame of DCM, select Create a Certificate Authority (CA) to display a series of forms. These forms guide you through the process of creating a local CA and completing other tasks needed to begin using digital certificates for SSL, object signing, and signature verification.

    If you have questions about how to complete a specific form in this guided task, select the question mark (?) button at the top of the page to access the online help.

  3. Complete the forms for this guided task. As you use these forms to perform all the tasks needed to set up a working local Certificate Authority (CA), you complete the following steps:
    1. Provide identifying information for the local CA.
    2. Install the local CA certificate on your PC or in your browser so that your software can recognize the local CA and validate certificates that the local CA issues.
    3. Choose the policy data for your local CA.

      Be sure to select that the local CA can issue user certificates.

    4. Use the new local CA to issue a server or client certificate that your applications can use for SSL connections.
    5. Select the applications that can use the server or client certificate for SSL connections.

      Be sure to select the application ID for your human resources HTTP Server.

    6. Use the new local CA to issue an object signing certificate that applications can use to digitally sign objects. This subtask creates the *OBJECTSIGNING certificate store; this is the certificate store that you use to manage object signing certificates.

      Although this scenario does not use object signing certificates, be sure to complete this step. If you cancel at this point in the task, the task ends and you must perform separate tasks to complete your SSL certificate configuration.

    7. Select the applications that will trust the local CA.

      Be sure to select the application ID for your human resources HTTP Server, for example, QIBM_HTTP_SERVER_MYCOTEST, as one of the applications that trusts the local CA.

When you complete the certificate configuration that your Web server application requires to use SSL, you can configure the Web server to require certificates for user authentication.
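
The trust relationship that this guided task sets up can be reproduced outside DCM. The following is an added example, not part of the original topic, and it uses the OpenSSL command line rather than DCM: it creates a local CA, issues server and user certificates, and shows that only certificates issued by the trusted CA are accepted. The names local-ca, other-ca, hr-server, hr-user and outsider are constructed for the illustration.

```shell
#!/bin/sh
# Added illustration using OpenSSL, not DCM. Every name is a constructed sample.
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT   # do not leave the sample private keys on disk

# make_ca <name>: create a self-signed CA certificate and key.
make_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=$1" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.crt" 2>/dev/null
}

# issue_cert <ca> <name>: have CA <ca> sign a certificate for <name>.
issue_cert() {
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$2" \
    -keyout "$WORK/$2.key" -out "$WORK/$2.csr" 2>/dev/null &&
  openssl x509 -req -in "$WORK/$2.csr" -CA "$WORK/$1.crt" \
    -CAkey "$WORK/$1.key" -CAcreateserial -days 30 \
    -out "$WORK/$2.crt" 2>/dev/null
}

# trusted_by <ca> <name>: exit 0 only if <name>'s certificate verifies with
# <ca> supplied as the trusted CA file (standing in for a CA trust list).
trusted_by() {
  openssl verify -CAfile "$WORK/$1.crt" "$WORK/$2.crt" >/dev/null 2>&1
}

make_ca local-ca                # the local CA created in the guided task
make_ca other-ca                # a CA that is not in the trust list
issue_cert local-ca hr-server   # server certificate for SSL
issue_cert local-ca hr-user     # user certificate for client authentication
issue_cert other-ca outsider    # certificate issued by the untrusted CA

for who in hr-server hr-user outsider; do
  if trusted_by local-ca "$who"; then echo "$who: accepted"
  else echo "$who: rejected"; fi
done
```

Calling `trusted_by other-ca hr-user` fails in the same way, which is the situation an application is in when the local CA has not been added to its trust list.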
