pp108 : Digital Certificates and Trust Stores

This topic gives an overview of digital certificates and trust stores in the context of Process Platform.

Digital certificates identify an entity. Beyond identification, they are also used for signing software files, messages, and so on.

Two parties that want to interact using digital certificates rely on a Certificate Authority (CA): a third party that both of them trust and that issues their certificates. Once the CA has issued a certificate to an entity, the entity presents that certificate to identify itself. An entity can hold more than one certificate, each used for a different purpose. A digital certificate contains the name and other identifying information of the certificate holder, a serial number, an expiration date, a copy of the holder's public key, and the digital signature of the issuing CA over all of these fields. That signature is what lets a relying party check a certificate against the CA it already trusts, instead of having to trust the holder directly.

A certificate is issued for a limited period of time. After that period the certificate expires and is no longer valid. If you suspect that a certificate (or the private key belonging to it) is compromised, it can be revoked; a revoked certificate is likewise invalid. The life cycle of a certificate therefore begins when it is issued and ends when it expires or is revoked. Refer to Certificate Validation for a description of how certificate validation is handled in Process Platform.

Process Platform uses digital certificates for several purposes; for the list, refer to Usages of Digital Certificates in Process Platform. The certificates that an organization trusts are kept in a repository called the Certificate Store, which is managed from the Security Administration task; each organization has its own store. There is also a fallback repository at platform level, holding the certificates that are trusted by all organizations.
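The certificate life cycle and the two store levels described above, as an added example that is not part of Process Platform or of this page: a constructed CA issues a certificate (subject, serial number, validity window, the holder's public key and the CA's signature over them), a relying party validates it first against an organization-level pool and then against the platform-level fallback, rejects it outside its validity window, and honours a revocation list only after checking that the CA named in the chain really signed it. The names `NewCA`, `Issue`, `Revoke` and `Validate`, and the two `x509.CertPool` values standing in for the organization and platform stores, are this example's own assumptions; Process Platform's actual store and validation code is not shown here.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// CA is a constructed issuing authority: its self-signed certificate and signing key.
type CA struct {
	Cert *x509.Certificate
	Key  *ecdsa.PrivateKey
}

// sign creates a certificate from tmpl for pub under the issuer's key (self-signed when issuer == tmpl).
func sign(tmpl, issuer *x509.Certificate, pub *ecdsa.PublicKey, key *ecdsa.PrivateKey) (*x509.Certificate, error) {
	der, err := x509.CreateCertificate(rand.Reader, tmpl, issuer, pub, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// NewCA makes a self-signed CA certificate: the trust anchor a relying party imports into its store.
func NewCA(name string) (*CA, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: name},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().AddDate(10, 0, 0), IsCA: true,
		BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageCRLSign}
	cert, err := sign(tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return &CA{Cert: cert, Key: key}, nil
}

// Issue binds subject, serial number, validity window and the holder's (freshly generated)
// public key together under the CA's signature: the fields the text lists for a certificate.
func (c *CA) Issue(subject string, serial int64, notBefore, notAfter time.Time) (*x509.Certificate, error) {
	holderKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: subject},
		NotBefore: notBefore, NotAfter: notAfter, KeyUsage: x509.KeyUsageDigitalSignature}
	return sign(tmpl, c.Cert, &holderKey.PublicKey, c.Key)
}

// Revoke publishes a CRL, signed by the CA, listing the given serial numbers.
func (c *CA) Revoke(serials ...int64) (*x509.RevocationList, error) {
	now := time.Now()
	tmpl := &x509.RevocationList{Number: big.NewInt(1), ThisUpdate: now, NextUpdate: now.Add(24 * time.Hour)}
	for _, s := range serials {
		tmpl.RevokedCertificates = append(tmpl.RevokedCertificates,
			pkix.RevokedCertificate{SerialNumber: big.NewInt(s), RevocationTime: now})
	}
	der, err := x509.CreateRevocationList(rand.Reader, tmpl, c.Cert, c.Key)
	if err != nil {
		return nil, err
	}
	return x509.ParseRevocationList(der)
}

// Validate is the relying party's check at time `at`: inside the validity window, chaining to an
// anchor in the organization store or, failing that, the platform-level fallback store, and not
// listed on a CRL signed by the issuer found in that chain. A CRL that names that issuer but fails
// its signature check makes validation fail closed. The string names the store that supplied the anchor.
func Validate(org, platform *x509.CertPool, cert *x509.Certificate, crl *x509.RevocationList, at time.Time) (string, error) {
	if at.Before(cert.NotBefore) || at.After(cert.NotAfter) {
		return "", errors.New("certificate is outside its validity period")
	}
	var lastErr error
	for _, level := range []struct {
		name string
		pool *x509.CertPool
	}{{"organization", org}, {"platform", platform}} {
		chains, err := cert.Verify(x509.VerifyOptions{Roots: level.pool, CurrentTime: at})
		if err != nil {
			lastErr = err
			continue
		}
		issuer := chains[0][1] // the anchor whose signature on cert just verified
		if crl != nil && bytes.Equal(crl.RawIssuer, issuer.RawSubject) {
			if err := crl.CheckSignatureFrom(issuer); err != nil {
				return "", fmt.Errorf("CRL rejected: %w", err)
			}
			for _, rc := range crl.RevokedCertificates {
				if rc.SerialNumber.Cmp(cert.SerialNumber) == 0 {
					return "", errors.New("certificate has been revoked")
				}
			}
		}
		return level.name, nil
	}
	return "", lastErr
}

func main() {
	orgCA, _ := NewCA("Example Org CA")
	org, platform := x509.NewCertPool(), x509.NewCertPool()
	org.AddCert(orgCA.Cert)
	now := time.Now()
	cert, _ := orgCA.Issue("alice", 1001, now.Add(-time.Hour), now.AddDate(1, 0, 0))
	fmt.Println(Validate(org, platform, cert, nil, now))
	fmt.Println(Validate(org, platform, cert, nil, now.AddDate(2, 0, 0)))
	crl, _ := orgCA.Revoke(1001)
	fmt.Println(Validate(org, platform, cert, crl, now))
}
```

The order of the two pools mirrors the store levels: an organization's own store wins, the platform store is only a fallback, and an anchor present in neither leaves the certificate untrusted no matter how well-formed it is. Note that the CRL is matched to the issuer that actually verified the chain, not to whatever name the CRL claims, so a list forged by another CA with the same name cannot revoke or un-revoke anything.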

In Process Platform, certificates are used for signing applications, for exchanging signed messages, and for SSL/TLS. For each of these usages, the trust anchors must be configured in the Security Administration task. For more information, refer to Managing Certificates.

Digital certificates can also be used for authentication, but those certificates must not be configured in the Process Platform certificate store; instead, they must be configured in the browser's trust store. For more information on authentication using digital certificates and on adding the certificates to the browser's trust store, refer to Certificate based login. Signing applications is one of the usages of digital certificates in Process Platform; for more information, refer to Signing Applications. SSL/TLS is the most widespread application of digital certificates; in Process Platform, outbound SSL/TLS connections made through UDDI are managed in Security Administration.

The Service Group Trust tab of Security Administration is used for associating certificates with collections of service groups, so that the service groups within a collection can communicate with each other. For more information, refer to Managing Service Group Trust Stores. Note that a certificate must first be added to the trust store on the Certificates tab, at organization level in Security Administration, before it can be associated with service groups on the Service Group Trust tab.