Creating an application definition

You can create and work with two types of application definitions in Digital Certificate Manager (DCM): definitions for server or client applications that use SSL, and definitions that you use for signing objects.

Before you can use DCM to work with an SSL application definition and its certificates, the application must be registered with DCM as an application definition so that it has a unique application ID. Application developers register SSL-enabled applications by using an API (QSYRGAP, QsyRegisterAppForCertUse) to create the application ID in DCM automatically. Most IBM® i SSL-enabled applications are registered with DCM, so you can easily use DCM to assign a certificate to them for establishing an SSL session. For applications that you write or purchase, you can also define an application definition and create its application ID within DCM itself. You must be working in the *SYSTEM certificate store to create an SSL application definition for either a client application or a server application.

To use a certificate to sign objects, you first must define an application for the certificate to use. Unlike an SSL application definition, an object signing application does not describe an actual application. Instead, the application definition that you create might describe the type or group of objects that you intend to sign. You must be working in the *OBJECTSIGNING certificate store to create an object signing application definition.

To create an application definition, follow these steps:

  1. Start DCM. Refer to Starting DCM.
  2. Click Select a Certificate Store and select the appropriate certificate store. (This is either the *SYSTEM certificate store or the *OBJECTSIGNING certificate store depending on the type of application definition that you are creating.)
    Note: If you have questions about how to complete a specific form in this guided task, select the question mark (?) at the top of the page to access the online help.
  3. When the Certificate Store and Password page displays, provide the password that you specified for the certificate store when you created it and click Continue.
  4. In the navigation frame, select Manage Applications to display a list of tasks.
  5. Select Add application from the task list to display a form for defining the application.
    Note: If you are working in the *SYSTEM certificate store, DCM will prompt you to choose whether to add a server application definition or a client application definition.
  6. Complete the form and click Add. The information that you can specify for the application definition varies based on the application type. If you are defining a server application, specify whether the application requires client authentication. For all applications, specify whether the application can use a CA trust list to authenticate certificates. For an SSL application definition, you can also configure optional System SSL attributes.