User guide

SSL Libraries Used with the Certificate/Key Management Environment

SSL Library      SMEE2   SMEE3
CORBA Service    X       O

Certificate/Key Management Environment
The following explains the certificate/key management environment, which is the operating environment
used when SSL (Secure Sockets Layer) is used.
Certificate and Private Key
To use SSL, a certification authority (CA) certificate, a site certificate, and the corresponding private key are
required. A certificate revocation list (CRL) is also used to check the validity of a certificate.
Certificates and CRLs that conform to X.509 or RFC 2459 and that use an RSA key can be used.
CA certificate
The certificate of the CA itself, used to certify that a certificate was issued by that CA. It is also
referred to as a CA certificate.
A CA may issue a certificate to a subordinate CA, in which case the certificate of the CA itself and the
certificate issued to the subordinate CA are both referred to as a CA certificate. The certificate issued
to the subordinate CA is specifically referred to as an intermediate CA certificate.
Site certificate
Certificate issued by the CA to certify the identity of a server or client.
This certificate contains information about the user (server, client, or service) and the CA, and must
always be used together with the certificate of the issuing CA.
Private key corresponding to a site certificate
This key is paired with a public key included in the site certificate.
Note
Losing a private key makes the site certificate that it corresponds to unusable. Be sure to make a
backup of each private key.
Certificate revocation list (CRL)
This is a list of revoked certificates that is issued by a CA.
PKCS#12 data may be used to deliver certificates and private keys or make a backup. PKCS#12 data
includes a certificate, a private key corresponding to it, and a Certification Authority certificate, all of which
are password-encrypted.
In the Certificate/Key Management Environment, you can import (register) the following types of
PKCS#12 data:
- PKCS#12 data exported (extracted) with the scsexppfx command from the Interstage certificate environment
- PKCS#12 data exported with the cmmkpfx command from a certificate/key management environment created with the SMEE command
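
As an added example (not part of the original guide, and not an Interstage or SMEE command), the following sh script uses the OpenSSL command line to check, before import, that a PKCS#12 file holds the three items described above: a site certificate, the private key that pairs with it, and the issuing CA certificate. The function names `make_demo_p12` and `check_p12`, the file names, the subjects and the password `demo-pass` are constructed for illustration, and an installed `openssl` is assumed.

```shell
#!/bin/sh
# Added example. All file names, subjects and the password are constructed.

# make_demo_p12 DIR: throwaway CA + site certificate, bundled as DIR/site.p12
# (password "demo-pass").
make_demo_p12() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo CA" \
        -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null &&
    openssl req -newkey rsa:2048 -nodes -subj "/CN=site.example" \
        -keyout "$d/site.key" -out "$d/site.csr" 2>/dev/null &&
    openssl x509 -req -in "$d/site.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
        -CAcreateserial -days 1 -out "$d/site.pem" 2>/dev/null &&
    openssl pkcs12 -export -inkey "$d/site.key" -in "$d/site.pem" \
        -certfile "$d/ca.pem" -passout pass:demo-pass -out "$d/site.p12"
}

# check_p12 FILE PASSWORD
# Exit status: 0 = complete and consistent, 1 = cannot be opened (wrong
# password or damaged data), 2 = no site certificate or the private key does
# not pair with it, 3 = the bundled CA certificate does not verify the site
# certificate (or none is bundled).
check_p12() (
    p12=$1
    P12_PASS=$2; export P12_PASS          # passed via environment, not argv
    umask 077                              # extracted key readable by owner only
    t=$(mktemp -d) || exit 1
    trap 'rm -rf "$t"' EXIT                # never leave the plaintext key behind
    x() { openssl pkcs12 -in "$p12" -passin env:P12_PASS "$@" 2>/dev/null; }
    x -nokeys -clcerts -out "$t/site.pem" &&
    x -nokeys -cacerts -out "$t/ca.pem" &&
    x -nocerts -nodes -out "$t/key.pem" || exit 1
    cert_pub=$(openssl x509 -in "$t/site.pem" -noout -pubkey 2>/dev/null) || exit 2
    key_pub=$(openssl pkey -in "$t/key.pem" -pubout 2>/dev/null) || exit 2
    [ "$cert_pub" = "$key_pub" ] || exit 2
    # This proves the bundle is internally consistent. Whether the CA itself
    # is trusted is a separate decision made outside the bundle.
    openssl verify -CAfile "$t/ca.pem" "$t/site.pem" >/dev/null 2>&1 || exit 3
)
```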