SSL concepts

The SSL protocol involves key concepts such as certificates, certificate authority, certificate management, key stores, and trust stores.

Certificate
A digital certificate is a digital document that validates the identity of the certificate's owner. A digital certificate contains information about the individual, such as their name, company, and public key. The certificate is signed with a digital signature by the Certificate Authority (CA), which is a trustworthy authority.
Certificate authority
A certificate authority (CA) is a trusted party that creates and issues digital certificates to users and systems. Because the CA signs each certificate it issues, trust in the CA is the foundation of trust in those certificates.
Certificate management
Certificates and private keys are stored in files called keystores. A keystore is a database of key material. Keystore information can be grouped into two categories: key entries and trusted certificate entries. The two kinds of entries can be stored in the same keystore, or separately in a keystore and a truststore for security purposes. Keystores and truststores are used by both the SSL client (the IMS™ TM resource adapter) and the SSL server (IMS Connect).
Keystore
A keystore holds key entries, such as the private key of the SSL client, the IMS TM resource adapter.
Truststore
A truststore is a keystore that holds only certificates that the user trusts. Add an entry to a truststore only if the user makes a decision to trust that entity. An example of an IMS TM resource adapter (client) truststore entry is the certificate of the target SSL server, IMS Connect.
You can store key entries and trusted certificate entries together in either the keystore or the truststore, or you can store them separately. The IMS TM resource adapter supports only X.509 certificates. On distributed platforms (which include Linux for System z®), it supports only the JKS keystore type; on z/OS®, it supports the JKS keystore type or RACF® keyrings.
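
The following added example (not part of the original documentation or of the IMS TM resource adapter) shows how to check which of the two entry categories each alias in a JKS file belongs to, and flags private keys found in a file meant to be a truststore. The class name StoreAudit, the command-line arguments, and the finding messages are assumptions made for illustration; only standard java.security calls are used.

```java
import java.io.Console;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;

public class StoreAudit {
    // Lists every alias with its entry category and returns the number of
    // entries that do not fit the store's role.
    static int audit(String path, char[] password, boolean isTruststore) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, password); // the password is used to verify store integrity
        }
        int findings = 0;
        for (String alias : Collections.list(ks.aliases())) {
            boolean keyEntry = ks.isKeyEntry(alias);
            Certificate cert = ks.getCertificate(alias);
            String subject = (cert instanceof X509Certificate)
                    ? ((X509Certificate) cert).getSubjectX500Principal().getName()
                    : "(no X.509 certificate)";
            System.out.printf("%-20s %-26s %s%n", alias,
                    keyEntry ? "key entry" : "trusted certificate entry", subject);
            if (isTruststore && keyEntry) {
                System.out.println("  FINDING: private key material stored in a truststore");
                findings++;
            }
            if (!(cert instanceof X509Certificate)) {
                System.out.println("  FINDING: entry is not backed by an X.509 certificate");
                findings++;
            }
        }
        return findings;
    }

    public static void main(String[] args) throws Exception {
        Console console = System.console();
        if (args.length != 2 || console == null) {
            System.err.println("usage: java StoreAudit <file.jks> <keystore|truststore>");
            System.exit(2);
        }
        // Prompt for the password so it never appears in the process list.
        char[] password = console.readPassword("Store password: ");
        int findings = audit(args[0], password, args[1].equals("truststore"));
        System.exit(findings == 0 ? 0 : 1);
    }
}
```

The printed subject names give the reviewer the list of entities the truststore currently trusts, so each one can be confirmed as a deliberate trust decision.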