Manage Digital Certificates
Introducing Certificate Expiration Manager
IBM Systems Lab Services and Training now offers the Certificate Expiration Manager (CEM) utility to help organizations manage digital certificates. The tool was developed after an IBM client's expired certificate brought its business to a standstill.
The Background
First, let’s define some terms and provide some background on how digital certificates work. A digital certificate is an electronic “check” that establishes a user’s credentials when doing business or other transactions on the Web. It is issued by a certification authority (CA). A digital certificate contains the holder’s name, a serial number, expiration dates, a copy of the certificate holder’s public key (used for encrypting messages and digital signatures), and the digital signature of the certificate-issuing authority so a recipient can verify that the certificate is real. Most digital certificates conform to the X.509 standard. Digital certificates can be kept in registries so that authenticating users can look up other users’ public keys.
Network data encryption is an important service for protecting sensitive and confidential information that traverses the Internet or corporate intranets. Many services—such as Telnet, FTP and REXEC—transmit all data in clear text over the network. This includes user and password information. The same is true for Web applications. Unless network data encryption is deployed, there’s always a risk of someone gaining unauthorized access to information and systems.
Thus, organizations commonly use Secure Sockets Layer (SSL) or its successor protocol, Transport Layer Security (TLS), to encrypt network traffic between clients and server applications. When a client establishes a secure connection to a server application, an SSL handshake is performed. During the handshake, the server sends a server certificate to the client. A server certificate has to be assigned to each server application service, such as the Telnet server, FTP server, LDAP server, etc.
Digital certificates are valid only for a certain period of time, after which the application becomes unavailable until the certificate is renewed.
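The kind of check an expiration monitor performs can be sketched as follows. This is an added example, not CEM's own code: the service inventory, the dates in it and the 30-day warning window are constructed for illustration, and the notAfter strings use the text form that Python's ssl module reports for a peer certificate.

```python
import math
import ssl
from datetime import datetime, timezone

# Constructed sample inventory (not real systems): service -> certificate
# notAfter value, in the text form ssl.SSLSocket.getpeercert() reports.
INVENTORY = {
    "telnet": "Mar 15 00:00:00 2025 GMT",
    "ftp": "Jun  1 12:00:00 2025 GMT",
    "ldap": "Jan 10 08:30:00 2026 GMT",
    "https": "Feb 28 23:59:59 2025 GMT",
}


def days_left(not_after, now):
    """Whole days until expiry (floored); negative once expired."""
    expires = ssl.cert_time_to_seconds(not_after)  # epoch seconds, UTC
    return math.floor((expires - now.timestamp()) / 86400)


def classify(not_after, now, warn_days=30):
    """EXPIRED, RENEW (inside the warning window), OK, or UNREADABLE."""
    try:
        remaining = days_left(not_after, now)
    except ValueError:  # date string not in the expected format
        return "UNREADABLE", None
    if remaining < 0:
        return "EXPIRED", remaining
    if remaining <= warn_days:
        return "RENEW", remaining
    return "OK", remaining


def expiry_report(inventory, now, warn_days=30):
    """Rows of (service, status, days), most urgent first."""
    rows = [(svc, *classify(na, now, warn_days)) for svc, na in inventory.items()]
    # Unreadable entries sort first: an unknown expiry needs a human look.
    return sorted(rows, key=lambda r: (r[2] is not None, r[2] or 0))


if __name__ == "__main__":
    now = datetime.now(timezone.utc)
    for service, status, days in expiry_report(INVENTORY, now):
        print(f"{service:8} {status:10} {days}")
```

Running a report like this on a schedule, with a warning window longer than the time a renewal takes, surfaces each service's certificate before it lapses rather than after the application stops accepting connections.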