The SSL protocol involves key concepts such as certificates, certificate authorities, certificate management, keystores, and truststores.
- Certificate: A digital certificate is a digital document that validates the identity of the certificate's owner. A digital certificate contains information about the individual, such as their name, company, and public key. The certificate is signed with a digital signature by the Certificate Authority (CA), which is a trusted authority.
- Certificate authority: A certificate authority (CA) is a trusted party that creates and issues digital certificates to users and systems. Because the CA itself is a valid credential, it establishes the foundation of trust in the certificates it issues.
- Certificate management: Certificates and private keys are stored in files called keystores. A keystore is a database of key material. Keystore information can be grouped into two categories: key entries and trusted certificate entries. The two kinds of entries can be stored in the same keystore, or separately in a keystore and a truststore for security purposes. Keystores and truststores are used by both the SSL client (the IMS™ TM resource adapter) and the SSL server (IMS Connect).
- Keystore: A keystore holds key entries, such as the private key of the IMS TM resource adapter, the SSL client.
- Truststore: A truststore is a keystore that holds only certificates that the user trusts. Add an entry to a truststore only if the user has decided to trust that entity. An example of an IMS TM resource adapter (client) truststore entry is the certificate of the target SSL server, IMS Connect.

You can store key entries and trusted certificate entries in either the keystore or the truststore, or you can store them separately. The IMS TM resource adapter supports only X.509 certificates, and only the JKS keystore type on distributed platforms (which include Linux for System z®) and the JKS keystore type or RACF® keyrings on z/OS®.
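The separation described above, as an added example using standard JSSE calls (not the IMS TM resource adapter's own configuration API): a client loads its JKS keystore (key entry) and its JKS truststore (the server's trusted certificate entry), reports which category each alias falls into, and builds an SSLContext from the two. The file names and the password are assumptions.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

public class ClientStores {

    // Load a JKS file; the password also verifies the store's integrity.
    static KeyStore loadJks(String path, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, password);
        }
        return ks;
    }

    // Report each alias as a key entry (private key plus chain) or a
    // trusted certificate entry, and confirm the certificate is X.509.
    static void describe(String label, KeyStore ks) throws Exception {
        for (String alias : Collections.list(ks.aliases())) {
            String kind = ks.isKeyEntry(alias) ? "key entry"
                    : ks.isCertificateEntry(alias) ? "trusted certificate entry" : "other";
            Certificate cert = ks.getCertificate(alias);
            String subject = (cert instanceof X509Certificate)
                    ? ((X509Certificate) cert).getSubjectX500Principal().getName() : "(not X.509)";
            System.out.printf("%s: %s -> %s, %s%n", label, alias, kind, subject);
        }
    }

    public static void main(String[] args) throws Exception {
        char[] pass = "changeit".toCharArray();               // assumed password
        KeyStore keystore = loadJks("client.jks", pass);       // client's private key (assumed file)
        KeyStore truststore = loadJks("client-trust.jks", pass); // IMS Connect certificate (assumed file)
        describe("keystore", keystore);
        describe("truststore", truststore);

        // Key manager presents the client's key entry; trust manager accepts only
        // servers whose certificate chains to an entry in the truststore.
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(keystore, pass);
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(truststore);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        System.out.println("SSLContext ready: " + ctx.getProtocol());
    }
}
```

Keeping the server's certificate in the truststore rather than alongside the private key means a compromise of the truststore file exposes only public material.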