pp108 : Managing Certificates

Managing Certificates

This topic describes the need for the Certificate store and lists the tasks that can be performed with the Security Administration task.

All certificates that are trusted by an organization are placed in a repository called the Certificate Store. The certificate store can be found on the first tab of the Security Administration task. Certificates that are used for signing applications, for signing messages exchanged between service groups, or for validating SSL connections must be registered. A certificate is valid only when the complete chain is available, the root of the certificate chain is registered in the Certificate store, the certificate is neither expired nor revoked, and so on. Refer to Troubleshooting Certificate Status and Revocation, Certificate Revocation List, or Types of Certificates for more information.
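
The validity conditions above (complete chain, registered root, not expired) can be observed outside the product with the openssl command-line tool; this is an added example, not taken from the Process Platform documentation. It assumes openssl is installed, builds a constructed three-certificate chain with made-up names, and does not cover revocation.

```shell
#!/bin/sh
# Constructed demo PKI (all names made up): root CA -> intermediate CA -> leaf.
WORK=$(mktemp -d) && cd "$WORK" || exit 1
printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign\n' > ca.ext

# new_csr NAME CN: create NAME.key and the signing request NAME.csr.
new_csr() {
  openssl req -new -newkey rsa:2048 -nodes -keyout "$1.key" -out "$1.csr" \
    -subj "/CN=$2" 2>/dev/null
}
# self_sign NAME: self-signed CA certificate NAME.pem, valid for 365 days.
self_sign() {
  openssl x509 -req -in "$1.csr" -signkey "$1.key" -days 365 \
    -extfile ca.ext -out "$1.pem" 2>/dev/null
}
# sign NAME ISSUER DAYS [x509 options]: ISSUER signs NAME.csr into NAME.pem.
sign() {
  name=$1 issuer=$2 days=$3; shift 3
  openssl x509 -req -in "$name.csr" -CA "$issuer.pem" -CAkey "$issuer.key" \
    -CAcreateserial -days "$days" -out "$name.pem" "$@" 2>/dev/null
}
# check TRUSTED_ROOT [verify options]: print "valid" or "invalid" for leaf.pem.
# TRUSTED_ROOT plays the role of the certificate store in this sketch.
check() {
  store=$1; shift
  if openssl verify -CAfile "$store" "$@" leaf.pem >/dev/null 2>&1
  then echo valid; else echo invalid; fi
}

new_csr root  "Demo Root CA";         self_sign root
new_csr other "Unrelated Root CA";    self_sign other
new_csr inter "Demo Intermediate CA"; sign inter root 365 -extfile ca.ext
new_csr leaf  "app.demo.example";     sign leaf inter 30

# A date 90 days ahead, after the leaf's 30-day validity has ended.
LATER=$(( $(date +%s) + 90 * 86400 ))

echo "chain complete, root registered: $(check root.pem -untrusted inter.pem)"
echo "intermediate missing:            $(check root.pem)"
echo "root not registered:             $(check other.pem -untrusted inter.pem)"
echo "checked after expiry:            $(check root.pem -untrusted inter.pem -attime "$LATER")"
```

Only the first check reports valid; each of the other three breaks exactly one of the conditions.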

The View certificates trusted by drop-down list on the Certificates tab switches between the platform-level certificate store and the organization-level certificate store. Any update made while switched to the organization level affects only your organization; similarly, any update made at the platform level affects only the platform, which can be managed only by the system administrator.

The Process Platform certificate store contains the default Java certificates (located in the cacerts keystore of the Java installation) and additional certificates added by administrators at organization or platform level. The Java default store supports default trust. Therefore, for instance, when UDDI with SSL is used with the Process Platform Process Factory, nothing additional has to be configured, because its root certificate is in the default Java keystore.

By default, revocation checking of certificates is disabled. To turn it on, see Security Administration Properties.
You can perform the following tasks in the Certificate tab of the Security Administration window:

Related concepts

Web Service Security
Trust Store
Key Store
SAML
Private-public Key Pair
Trust Relation

Related reference

Security Administration Configuration Interface

Related information

Authentication Plugins
Managing Service Group Trust Relation
Protection of Key Store and Trust Store