User guide
Chapter 8: Setting and Use of the Certificate/Key Management Environment Using the SMEE Command
8-4
In addition, you can import PKCS#12 data exported from the Certificate/Key Management Environment
into the following environments:
• Interstage certificate environment (by means of the scsimppfx command)
• Certificate/key management environment created with the SMEE command (by means of the
cmentpfx command)
CA (Certification Authority)
The CA (Certification Authority) is required to create a certificate.
The Certificate/Key Management Environment supports certificates issued by the following CAs:
• "Secure Site" certificates issued by the VeriSign Inc.
Reference
Certificates issued by other CAs(certification authorities) than those listed above are considered to be
granted on the condition that they conform to X.509 or RFC2459. However, the operations of such
certificates with the Interstage Application Server as well as the acquisition processes for them have
not been assured. This means that they are not in the scope of official support.
Scheme of the Certificate/Key Management Environment
The certificate/key management environment is configured as shown in Figure 8-1:
Figure 8-1 Certificate/Key Management Environment Configuration
Managing the Private Key
In key management, private keys are handled using the concept of slot and token.
The slot is an abstraction of a physical slot in which an encryption device is installed. The token is an
abstraction of a physical encryption device, to be installed in the slot.
One token is allocated to one slot, but multiple private keys can be registered in one token.
Figure 8-2 shows the relationships between slot, token, and private key.