Managing the request location for a PKIX CA

A Public Key Infrastructure for X.509 (PKIX) Certificate Authority (CA) is a CA that issues certificates based on the newest Internet X.509 standards for implementing a public key infrastructure.

A PKIX CA requires more stringent identification before issuing a certificate; usually by requiring that an applicant provide proof of identity through a Registration Authority (RA). After the applicant supplies the proof of identity that the RA requires, the RA certifies the applicant's identity. Either the RA or the applicant, depending on the CAs established procedure, submits the certified application to the associated CA. As these standards are adopted more widely, PKIX compliant CAs will become more widely available. You might investigate using a PKIX compliant CA if your security needs require strict access control to resources that your TLS-enabled applications provide to users. For example, Lotus® Domino® provides a PKIX CA for public use.

If you choose to have a PKIX CA issue certificates for your applications to use, you can use Digital Certificate Manager (DCM) to manage these certificates. You use DCM to configure a URL for a PKIX CA. Doing so configures Digital Certificate Manager (DCM) to provide a PKIX CA as an option for obtaining signed certificates.

To use DCM to manage certificates from a PKIX CA, you must configure DCM to use the location for the CA by following these steps:

  1. Start DCM. Refer to Starting DCM.
  2. In the navigation frame, select Manage PKIX Request Location to display a form that allows you to specify the URL for the PKIX CA or its associated RA.
  3. Enter the fully qualified URL for the PKIX CA that you want to use for requesting a certificate; for example: and click Add. Adding the URL configures DCM to add the PKIX CA as an option for obtaining signed certificates.
After you add a PKIX CA request location, DCM adds PKIX CA as an option for specifying the type of CA that you can choose for issuing a certificate when using the Create Certificate task.
Note: PKIX standards are outlined in Request For Comments (RFC) 2560.