Use the Client Certificates preference page to specify
the Java Cryptographic Service Provider (Java CSP) and the keystore
type used by the Java CSP for retrieving the certificates stored in
the Microsoft Cryptography API (MS-CAPI) key store.
About this task
Client certificate authentication enables you to authenticate
with remote systems using a security device such as an integrated
circuit card (like Smart Card). Rational Developer for System z relies
on the Java CSP for the retrieval of the certificates. The certificates
are used solely for the purpose of client certificate authentication.
All updates to the certificates are outside the scope of Rational
Developer for System z. To set up client certificates on your workstation,
specify values for the following fields:
- Java Cryptography Extension (JCE) Provider
- Specify the name of the security provider as provided by the vendor
that supplies the cryptography software used to access the certificates.
- Keystore Type
- Specify the name of the keystore given by the security provider.
- hostIdMappings Object Identifier
- Specify the hostIdMappings OID. The value specified in the preferences
page must not be changed from its default value of 1.3.18.0.2.18.1
unless instructed otherwise by the systems administrator. The hostIdMappings extension (Object Identifier 1 3 18 0 2 18 1) is an IBM extension
also available for public use. The security software on the remote
system (such as RACF) automatically maps a valid certificate to the
RACF user ID provided in the extension. Changing this value may cause
the certificate authentication to fail.