(Optional): Defining a CA trust list for an application that requires

 

Applications that support the use of certificates for client authentication during a Secure Sockets Layer (SSL) session must determine whether to accept a certificate as valid proof of identity. One of the criteria that an application uses for authenticating a certificate is whether the application trusts the Certificate Authority (CA) that issued the certificate.

The situation that this scenario describes does not require that the rate calculating application use certificates for client authentication, but that the application be able to accept certificates for authentication when they are available. Many applications provide client authentication certificate support; how you configure this support varies widely among applications. This optional task is provided to help you understand how to use DCM to enable certificate trust for client authentication as a foundation for configuring your applications to use certificates for client authentication.

Before you can define a CA trust list for an application, several conditions must be met:

If the definition for an application specifies that the application use a CA trust list, you must define the list before the application can perform certificate client authentication successfully. This ensures that the application validates only those certificates issued by CAs that you specify as trusted. If a user or a client application presents a certificate from a CA that is not specified as trusted in the CA trust list, the application does not accept it as a basis for valid authentication.

To use DCM to define a CA trust list for your application, complete these steps:

  1. Start DCM. Refer to Starting DCM.

  2. In the navigation frame, click Select a Certificate Store and select *SYSTEM as the certificate store to open.

  3. When the Certificate Store and Password page displays, provide the password that you specified for the certificate store when you created it and click Continue.

  4. After the navigation frame refreshes, select Manage Certificates to display a list of tasks.

  5. From the task list, select Set CA status to display a list of CA certificates.

    If you have questions about how to complete a specific form in this guided task, select the question mark (?) at the top of the page to access the online help.

  6. Select one or more CA certificates from the list that your application will trust and click Enable to display a list of applications that use a CA trust list.

  7. Select the application from the list that needs to add the selected CA to its trust list and click OK. A message displays at the top of the page to indicate that the applications you selected will trust the CA and the certificates that it issues.

You can now configure your application to require certificates for client authentication. Follow the instructions provided by the documentation for your application.
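The accept and reject behavior of a CA trust list, shown with the OpenSSL command line instead of DCM. This is an added example, not part of the original topic or of IBM's tooling; the CA names, user names, and file names are constructed for the demonstration.

```shell
#!/bin/sh
# Constructed demo of trust-list semantics. OpenSSL stands in for the
# application's certificate validation; DCM itself is not involved.

make_ca() {      # $1 = base name; writes $1.key and self-signed $1.pem
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=$1" -keyout "$1.key" -out "$1.pem" 2>/dev/null
}

issue_cert() {   # $1 = subject name, $2 = base name of the issuing CA
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$1" \
        -keyout "$1.key" -out "$1.csr" 2>/dev/null &&
    openssl x509 -req -in "$1.csr" -CA "$2.pem" -CAkey "$2.key" \
        -CAcreateserial -days 1 -out "$1.pem" 2>/dev/null
}

# Succeeds only if the client certificate chains to a CA in the trust list.
accepts() {      # $1 = trust list (PEM bundle), $2 = client certificate
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

demo() {
    dir=$(mktemp -d) && cd "$dir" || return 1
    make_ca ca_trusted && make_ca ca_other || return 1
    issue_cert alice ca_trusted && issue_cert bob ca_other || return 1

    # The application's trust list initially holds a single CA.
    cp ca_trusted.pem trustlist.pem
    accepts trustlist.pem alice.pem && echo "alice (ca_trusted): accepted"
    accepts trustlist.pem bob.pem   || echo "bob (ca_other): rejected"

    # Counterpart of enabling a second CA for the application.
    cat ca_other.pem >> trustlist.pem
    accepts trustlist.pem bob.pem && echo "bob (ca_other): accepted once CA is enabled"
}

demo
```

The certificate for `bob` is well formed and correctly signed in both checks; only the contents of the trust list change the outcome.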

 
