A Certificate Authority (CA) is a trusted party that creates and issues digital certificates to users and systems. The trust in the CA is the foundation of trust in the certificate as a valid credential. A CA uses its private key to create a digital signature on a certificate that it issues to validate the certificate's origin.
Several businesses provide commercial Certificate Authority services for Internet users. However, organizations can use Digital Certificate Manager to create their own Certificate Authority to issue digital certificates to systems and users within an intranet.
Certificate Authority usage
A Certificate Authority (CA) is a central administrative entity that can issue digital certificates to users and servers. The Certificate Authority "signs" certificates with its private key to validate their authenticity. A CA can be either a publicly available entity, such as VeriSign, or it can be a privately created entity, such as a private intranet CA. Digital Certificate Manager (DCM) allows you to use both types of CA.
When you use DCM to create an intranet CA for your organization, you can use the CA to issue certificates to both servers and users on your system. When the Certificate Authority issues a user certificate, DCM automatically associates the certificate with the appropriate AS/400 user profile. This ensures that the access and authorization privileges for the certificate are the same as those for the owner's user profile.
Certificate Authority policy data
When you create a Certificate Authority (CA) with Digital Certificate Manager, you can specify the policy data for the CA. The policy data for a CA describes the signing privileges that it has. The policy data determines:
You can set or change policy data only for a CA that you create in Digital Certificate Manager.
Certificate Authority certificates
A Certificate Authority certificate is a digital document that validates the identity of the Certificate Authority (CA) that owns the certificate. A Certificate Authority certificate can be signed by another CA, such as VeriSign, or self-signed if it is an independent entity. A CA that you create in Digital Certificate Manager is an independent entity. The Certificate Authority's certificate contains identifying information about the Certificate Authority, as well as its public key.
When you download a Certificate Authority's certificate into your browser, the browser marks it as a trusted root. Your system must also recognize a CA as a trusted root before it can authenticate certificates that the CA issues. You can use Digital Certificate Manager to designate any Certificate Authority certificate as a trusted root for your system.
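The relationship described above (a self-signed CA certificate, a certificate the CA issues, and the need to designate the CA as a trusted root before verification succeeds) is shown in the added example below. It is not part of the original documentation and does not use Digital Certificate Manager; it uses Go's standard crypto/x509 package as a stand-in, and the CA and server names are constructed samples.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// must panics on a setup error so the demo logic below stays readable.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// issue signs tmpl with the issuer's private key; pub is the subject's public key.
func issue(tmpl, issuer *x509.Certificate, pub *ecdsa.PublicKey, key *ecdsa.PrivateKey) *x509.Certificate {
	return must(x509.ParseCertificate(must(x509.CreateCertificate(rand.Reader, tmpl, issuer, pub, key))))
}

// Demo builds a private CA and one server certificate (names are constructed samples).
func Demo() (selfSigned bool, withRoot, withoutRoot error) {
	caKey := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	srvKey := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	from, to := time.Now().Add(-time.Hour), time.Now().Add(24*time.Hour)
	caTmpl := &x509.Certificate{SerialNumber: big.NewInt(1), NotBefore: from, NotAfter: to,
		Subject: pkix.Name{CommonName: "Example Intranet CA"},
		IsCA:    true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign}
	ca := issue(caTmpl, caTmpl, &caKey.PublicKey, caKey) // issuer == subject: self-signed
	srvTmpl := &x509.Certificate{SerialNumber: big.NewInt(2), NotBefore: from, NotAfter: to,
		Subject:     pkix.Name{CommonName: "server.example.internal"},
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}}
	srv := issue(srvTmpl, ca, &srvKey.PublicKey, caKey) // signed with the CA's private key
	selfSigned = ca.CheckSignatureFrom(ca) == nil       // the CA's own public key verifies it
	trusted := x509.NewCertPool()
	trusted.AddCert(ca) // the CA certificate designated as a trusted root
	_, withRoot = srv.Verify(x509.VerifyOptions{Roots: trusted})
	_, withoutRoot = srv.Verify(x509.VerifyOptions{Roots: x509.NewCertPool()}) // CA not trusted
	return selfSigned, withRoot, withoutRoot
}

func main() {
	fmt.Println(Demo())
}
```

The same server certificate verifies when the CA certificate is in the trusted pool and is rejected as signed by an unknown authority when it is not, even though its signature is cryptographically valid in both cases.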