Obtaining personal certificates from a certificate authority

You can obtain a certificate from a trusted external certificate authority (CA).

You obtain a digital certificate by sending information to a CA, in the form of a certificate request. The X.509 standard defines a format for this information, but some CAs have their own format. Certificate requests are typically generated by the certificate management tool the system uses; for example:

  • The runmqckm, runmqakm, and strmqikm commands (iKeyman tool) on Multiplatforms.
  • RACF on z/OS.

The request contains your Distinguished Name and your public key. When your certificate management tool generates your certificate request, it also generates your private key, which you must keep secure. Never distribute your private key.
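The request generation described above, as an added example that is not from the original page: OpenSSL stands in for the MQ and RACF tools, and the file names and Distinguished Name are constructed. It checks that the request carries the Distinguished Name and the public key, while the private key stays behind in an owner-only file.

```shell
#!/bin/sh
# Added example: OpenSSL stands in for the certificate management tool.
# The directory layout, file names and Distinguished Name are constructed.

# Generate a private key and a certificate request for subject DN $2 in dir $1.
make_request() {
    (
        umask 077   # private key file readable by its owner only
        openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
            -out "$1/personal.key" 2>/dev/null || exit 1
        openssl req -new -key "$1/personal.key" -subj "$2" \
            -out "$1/personal.csr" 2>/dev/null
    )
}

# Print the Subject Distinguished Name carried in the request.
request_subject() {
    openssl req -in "$1/personal.csr" -noout -subject -nameopt RFC2253
}

# Succeed only if the public key in the request belongs to the private key.
request_matches_key() {
    csr_pub=$(openssl req -in "$1/personal.csr" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$1/personal.key" -pubout) || return 1
    [ -n "$csr_pub" ] && [ "$csr_pub" = "$key_pub" ]
}

# Succeed only if the request file, the part sent to the CA, holds no private key.
request_is_safe_to_send() {
    ! grep -q 'PRIVATE KEY' "$1/personal.csr"
}

# Succeed only if group and others have no access to the private key file.
key_is_owner_only() {
    [ "$(ls -l "$1/personal.key" | cut -c5-10)" = "------" ]
}

demo_dir=$(mktemp -d)
make_request "$demo_dir" "/C=GB/O=Example Org/CN=mquser.example.test" &&
    request_subject "$demo_dir" &&
    request_matches_key "$demo_dir" && echo "request public key matches private key" &&
    request_is_safe_to_send "$demo_dir" && echo "request contains no private key" &&
    key_is_owner_only "$demo_dir" && echo "private key file is owner-only"
rm -rf "$demo_dir"
```

Only `personal.csr` is sent to the CA; `personal.key` never leaves the system that generated it.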

When the CA receives your request, the authority verifies your identity before building the certificate and returning it to you as a personal certificate.

Figure 1 illustrates the process of obtaining a digital certificate from a CA.

Figure 1. Obtaining a digital certificate

In the diagram:

  • User identification includes your Subject Distinguished Name.
  • Certification Authority identification includes the Distinguished Name of the CA that is issuing the certificate.

Digital certificates contain additional fields other than those shown in the diagram. For more information about the other fields in a digital certificate, see What is in a digital certificate.