Forums >> IBM Power Systems >> IBM i >>
Importing and Naming Certificate Authorities (CAs)



Posted:
bvstone

Importing and Naming Certificate Authorities (CAs)

 
Importing and Naming Certificate Authorities (CAs)

When using software such as our GETURI or MAILTOOL products, a lot of times you'll need to import Certificate Authorities (CAs) into your *SYSTEM Certificate Store (or another store) using Digital Certificate Mananger (DCM).  See our SSL documentation for more information on this.

Because DCM will ask you to name the CA when it's imported, we are often asked what the best naming convention is.  There are really two options for this:

1.  Name the CA what it's name "is".  If you double click on a CA on your PC, it will open up a Certificate Viewer.  Select the Certificate Path tab and you'll see the name of the CA (or all the CAs in the tree).  

The example here shows the CAs required when using Google (Gmail).  The names don't make a lot of sense to most.  But, they do offer clues as to what they are for.

2.  The second option, and the one I like to use and suggest, is to give the CAs a name that means something for their purpose.  For example, for the two CAs above I would probably call them "MAILTOOL GMail CA 1" and "MAILTOOL GMail CA 2".  This way I know what they are for (MAILTOOL) and what provider they are for (GMail).  

Because CAs, just like certificates, will expire eventually, that means you'll need to import new CAs down the road.  This makes identifying the CAs you want to remove and replace much easier down the road.


Last edited 08/18/2014 at 15:16:30


Reply




Copyright 1983-2017 BVSTools
GreenBoard(v3) Powered by the eRPG SDK, MAILTOOL Plus!, GreenTools for Google Apps, jQuery, jQuery UI, BlockUI, CKEditor and running on the IBM i (AKA AS/400, iSeries, System i).