Initial configuration - Security Verify Access

The certificates that the ISAM servers use are created during the initial configuration of the servers. The ISAM servers use these certificates to communicate securely with other servers. In a new installation, the policy server is the first server configured. During the configuration, two certificates are created:

Both of these certificates are in the ivmgrd.kdb key file. During the policy server configuration, the runtime key file pd.kdb is created. The PDCA certificate is inserted into it as a trusted certificate.

When new systems are added to the SVA domain, the runtime package is configured first. As part of this configuration, the pd.kdb and pd.sth files for that system are created. The PDCA certificate is included in the key files as a trusted certificate.

When new resource managers, such as WebSEAL, are configured, the svrsslcfg utility or an equivalent API is run. This utility creates a key file (such as pdacld.kdb) and places a personal certificate for the server in it. The utility also inserts the PDCA certificate as a trusted certificate in the key file. These two certificates are obtained from the policy server. The certificates are transported to the client system over SSL with the runtime key file.

For more information about the configuration files and certificate-related stanza entries, such as the configured key file and the configured stash files, see Configuration file reference.
