Digital Certificates

Use the IBM® Key Management Utility (iKeyman) to help you manage your digital certificates.

The system uses the following types of digital certificates:
  • CA and trusted certificates – Digital certificates for which the system does not have the private keys. These certificates are stored in standard DER format.
  • System certificates – Digital certificates for which the private key is held on the system. These certificates are stored together with their private key in a secure format.
The following is some basic information about how digital certificates are used:
  • Every organization exchanging secure documents must have a certificate.
  • Every trading profile for a trading partner with whom you exchange signed and encrypted documents must have a certificate.
  • An organization or trading profile can have only one active certificate at a time. In the case of dual certificates, an organization can have one active pair of certificates: one for signature and one for encryption.
  • An organization or trading profile must have an active certificate to successfully exchange signed and encrypted documents.
  • An organization or trading profile can have multiple valid certificates.
  • Certificates can be used to sign documents you transmit by all transport methods.
  • The key length for a certificate does not have to be the same as that of a trading partner certificate.
  • Before you set the validity period for a certificate, it is recommended that you read and apply the best-practice recommendations in the Microsoft PKI Quick Guide, Part 3: http://www.windowsecurity.com/articles/Microsoft-PKI-Quick-Guide-Part3.html.
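As an added example (not IBM's or iKeyman's code), the following Python DER walker performs the two checks implied by the points above before a file is imported as a CA/trusted certificate: that the blob is an X.509 certificate rather than a private key, and that its validity period covers the current date. The sample certificate and key bytes are constructed skeletons built with the same encoder, not real credentials; on real input, pass the bytes of a DER file instead.

```python
import datetime as dt
SEQ, INT, BITSTR, OCTSTR, UTC, CTX0 = 0x30, 0x02, 0x03, 0x04, 0x17, 0xA0

def der(tag, body):  # encode one TLV; used here only to build the sample inputs below
    n, size = len(body), (len(body).bit_length() + 7) // 8
    length = bytes([n]) if n < 0x80 else bytes([0x80 | size]) + n.to_bytes(size, "big")
    return bytes([tag]) + length + body

def der_read(buf, pos=0):  # decode the TLV at pos -> (tag, value, next position)
    tag, n, pos = buf[pos], buf[pos + 1], pos + 2
    if n & 0x80:  # long-form length: the low 7 bits give the number of length bytes
        size = n & 0x7F
        n = int.from_bytes(buf[pos:pos + size], "big")
        pos += size
    return tag, buf[pos:pos + n], pos + n

def der_children(value):  # split a SEQUENCE body into its (tag, value) elements
    pos, out = 0, []
    while pos < len(value):
        tag, v, pos = der_read(value, pos)
        out.append((tag, v))
    return out

def holds_private_key(blob):  # a trusted certificate must carry no private key
    # A Certificate starts with the tbsCertificate SEQUENCE; PKCS#1/PKCS#8 keys start with an INTEGER version.
    tag, body, _ = der_read(blob)
    if tag != SEQ:
        raise ValueError("not a DER SEQUENCE")
    return der_children(body)[0][0] == INT

def validity(blob):  # (notBefore, notAfter) as aware UTC datetimes from a DER certificate
    tbs = der_children(der_children(der_read(blob)[1])[0][1])
    if tbs[0][0] == CTX0:  # the optional explicit [0] version precedes serialNumber
        tbs = tbs[1:]
    times = der_children(tbs[3][1])  # serialNumber, signature, issuer, then validity
    to_dt = lambda tag, v: dt.datetime.strptime(  # UTCTime (YY) or GeneralizedTime (YYYY)
        v.decode("ascii"), "%y%m%d%H%M%SZ" if tag == UTC else "%Y%m%d%H%M%SZ").replace(tzinfo=dt.timezone.utc)
    return to_dt(*times[0]), to_dt(*times[1])

def audit(blob, now=None):  # findings that should block import into the trusted store
    if holds_private_key(blob):
        return ["blob contains a private key, not a certificate"]
    now = now or dt.datetime.now(dt.timezone.utc)
    nb, na = validity(blob)
    return (["not yet valid"] if now < nb else []) + (["expired"] if now > na else [])

# Constructed samples: skeleton structures built with der(), not real certificates or keys.
SAMPLE_CERT = der(SEQ, der(SEQ, der(CTX0, der(INT, b"\x02")) + der(INT, b"\x01") + der(SEQ, b"") + der(SEQ, b"")
    + der(SEQ, der(UTC, b"240101000000Z") + der(UTC, b"260101000000Z")) + der(SEQ, b"") + der(SEQ, b""))
    + der(SEQ, b"") + der(BITSTR, b"\x00"))
SAMPLE_KEY = der(SEQ, der(INT, b"\x00") + der(SEQ, b"") + der(OCTSTR, b""))
```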