CORBA C++ client: Structure of a certificate

WebSphere supports the mutual authentication of servers and SSL-enabled CORBA C++ clients, based on server certificates and client certificates.

A certificate consists essentially of two major parts: the certificate itself (the public part) and its corresponding private key. As with public-key encryption, you can freely give out the certificate (the public part), provided that you keep the private key secure.

The public portion of the certificate is also composed of two parts: information that identifies you (for example, your name and address) and a certificate chain. The certificate chain consists of the certificate that identifies the authority that issued (signed) your certificate, the certificate of the authority that signed that authority's certificate (authorizing it to be a Certificate Authority), and so on. The certificate chain ends with one or more self-signed certificates, each belonging to an authority that authorized itself to be a Certificate Authority. These are known as the root authorities. For more information about certificate chains, see "Certificate chains".
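
The chain structure described above can be followed by matching each certificate's issuer name to the subject name of the next certificate until a self-signed certificate is reached. The C++ sketch below is an added example, not WebSphere or IBM code; the Cert struct, the build_chain function and every name in the sample data are constructed for illustration, and it checks name linkage only, not signatures.

```cpp
#include <map>
#include <set>
#include <string>
#include <vector>

// Constructed model of a certificate's public part: only the two names
// needed to follow a chain. Real certificates also carry a public key and
// the issuer's signature, which this sketch does not verify.
struct Cert {
    std::string subject;  // who the certificate identifies
    std::string issuer;   // authority that signed it
};

enum class ChainStatus { EndsAtSelfSignedRoot, IssuerMissing, Loop };

struct ChainResult {
    ChainStatus status;
    std::vector<std::string> path;  // subjects, from the leaf upward
};

// Follow issuer names from `leaf` through `pool` until a self-signed
// certificate (subject == issuer) is reached, an issuer is absent,
// or a subject name repeats.
ChainResult build_chain(const Cert& leaf, const std::vector<Cert>& pool) {
    std::map<std::string, Cert> by_subject;
    for (const Cert& c : pool) by_subject[c.subject] = c;

    ChainResult r{ChainStatus::IssuerMissing, {}};
    std::set<std::string> seen;
    Cert cur = leaf;
    for (;;) {
        if (!seen.insert(cur.subject).second) { r.status = ChainStatus::Loop; return r; }
        r.path.push_back(cur.subject);
        if (cur.subject == cur.issuer) { r.status = ChainStatus::EndsAtSelfSignedRoot; return r; }
        auto it = by_subject.find(cur.issuer);
        if (it == by_subject.end()) { r.status = ChainStatus::IssuerMissing; return r; }
        cur = it->second;
    }
}

// Constructed sample pool: an intermediate CA signed by a self-signed root CA.
std::vector<Cert> sample_pool() {
    return {{"CN=Example Intermediate CA", "CN=Example Root CA"},
            {"CN=Example Root CA", "CN=Example Root CA"}};
}
```

A certificate that names itself as issuer produces a one-element path, meaning nothing but the certificate itself vouches for it. A path that stops with IssuerMissing is an incomplete chain and cannot be traced to a root authority.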

Even when public-key certificates are used to authenticate servers within the SSL-based authentication model, those servers also have security credentials. Creating a certificate for a server is secondary and needs to be done only if SSL-enabled clients communicate with the server. In this case, WebSphere assumes that you have created and installed a unique SSL certificate for each server. There are many choices to make about the procedures you use to generate and maintain server certificates. "Creating SSL certificates for a CORBA C++ client" describes one way to create and administer server certificates, but there are many ways to tailor these procedures to match the specific needs of your enterprise and its administration policies.

WebSphere provides a test certificate that you can use during development or testing so that you can avoid any delays in setting up security for your application servers.

Note: It is very important to understand that this is an insecure certificate: it is self-signed with a relatively weak key and does not uniquely distinguish the servers where it is used. Therefore, this test certificate should not be used in a production environment where security integrity is required.


Related tasks
Supporting SSL for CORBA C++ clients
Creating SSL certificates for a CORBA C++ client
Enabling SSL certificate security between a CORBA C++ client and an EJB server



Last updated: Jun 21, 2007 8:07:48 PM CDT    WebSphere Business Integration Server Foundation, Version 5.0.2
http://publib.boulder.ibm.com/infocenter/wasinfo/index.jsp?topic=/com.ibm.wasee.doc/info/ee/corba/concepts/ccor_sslc.html
