Before you start using digital certificates to protect your communications, you should understand what they are and what security benefits they provide.
A digital certificate is a digital document that validates the identity of the certificate's owner, much as a passport does. A trusted party, called a Certificate Authority (CA), issues digital certificates to users and servers. The trust in the CA is the foundation of trust in the certificate as a valid credential.
Each CA has a policy to determine what identifying information the CA requires in order to issue a certificate. Some Internet Certificate Authorities may require very little information, such as a distinguished name and e-mail address.
A private key and a public key are generated for each certificate. The certificate contains the public key, while the browser or a secure file stores the private key. The owner of a certificate can use these keys to "sign" and encrypt data (using cryptography), such as messages and documents, sent between users and servers. Such digital signatures ensure the reliability of an item's origin and protect the integrity of the item.
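The relationship described above between a CA, a certificate, and its key pair, shown as an added Go example (not part of the original documentation and not how Digital Certificate Manager itself is implemented): a constructed CA issues a certificate to a constructed user, a relying party validates it against that CA, then checks a signature using only the public key in the certificate. All names and the message are made up for illustration.

```go
package main
import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// issue signs a certificate for pub with the issuer's private key.
func issue(tmpl, parent *x509.Certificate, pub *ecdsa.PublicKey, issuerKey *ecdsa.PrivateKey) *x509.Certificate {
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, issuerKey)
	if err != nil {
		panic(err)
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return cert
}

// Demo returns the user's DN, whether the chain verifies, and signature checks on the original and an altered message.
func Demo() (dn string, trusted, sigOK, alteredOK bool) {
	caKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	userKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	from, to := time.Now().Add(-time.Hour), time.Now().Add(24*time.Hour)
	caTmpl := &x509.Certificate{SerialNumber: big.NewInt(1), NotBefore: from, NotAfter: to,
		Subject: pkix.Name{CommonName: "Example Intranet CA", Organization: []string{"Example Corp"}},
		IsCA:    true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign}
	userTmpl := &x509.Certificate{SerialNumber: big.NewInt(2), NotBefore: from, NotAfter: to,
		Subject:  pkix.Name{CommonName: "Pat Example", Organization: []string{"Example Corp"}, Country: []string{"US"}},
		KeyUsage: x509.KeyUsageDigitalSignature}
	caCert := issue(caTmpl, caTmpl, &caKey.PublicKey, caKey)       // self-signed CA certificate
	userCert := issue(userTmpl, caCert, &userKey.PublicKey, caKey) // user certificate, signed by the CA
	roots := x509.NewCertPool()
	roots.AddCert(caCert) // the relying party trusts only this CA
	_, err := userCert.Verify(x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}})
	digest := sha256.Sum256([]byte("transfer approved"))      // constructed message
	sig, _ := ecdsa.SignASN1(rand.Reader, userKey, digest[:]) // signing needs the private key
	pub := userCert.PublicKey.(*ecdsa.PublicKey)              // verifying needs only the certificate
	altered := sha256.Sum256([]byte("transfer approved x2"))
	return userCert.Subject.String(), err == nil, ecdsa.VerifyASN1(pub, digest[:], sig), ecdsa.VerifyASN1(pub, altered[:], sig)
}

func main() { fmt.Println(Demo()) }
```

The signature check fails on the altered message, which is the integrity property; the chain check against the CA is what ties the public key to the name in the certificate.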
Using digital certificates and SSL-enabled browsers (such as Netscape Navigator and Microsoft Internet Explorer), your server and clients can communicate securely using the Secure Sockets Layer (SSL). Your browser can also use certificates instead of user names and passwords for more secure authentication and authorization within your intranet.
There are three types of digital certificates: Certificate Authority, System Certificates, and User Certificates. They are stored in a Certificate store.
Digital Certificate Manager (DCM) registers user certificates that you create. You can also use the DCM to register user certificates that other Certificate Authorities issue. DCM automatically associates the registered certificate with the certificate owner's AS/400 user profile.
Distinguished name
A distinguished name (DN) is the name of the person or server to whom a Certificate Authority (CA) issues a digital certificate. The certificate provides this name to indicate certificate ownership. Depending on the policy of the CA that issues a certificate, the DN can include other information. When you use Digital Certificate Manager to create your own intranet CA, the DN includes this information: