IBM Tivoli Netcool/OMNIbus, Version 7.4

Using SSL for client and server communications

Tivoli Netcool/OMNIbus supports the use of the Secure Sockets Layer (SSL) protocol for communication between its servers and clients.

SSL uses digital certificates for key exchange and authentication. When a client initiates an SSL connection, the server presents the client with a certificate that is signed by a Certificate Authority (CA). A CA is a trusted party that guarantees the identity of the certificate and its creator. The server certificate contains the identity of the server, the public key, and the digital signature of the certificate issuer.

By reading the server certificate, the client can determine if the server is a trusted source, and then accept or reject the connection. To verify the signature on the server certificate, the client requires the public key of the issuing CA. Because public keys are distributed in certificates, the client must have a certificate for the issuing CA. This certificate must be signed by the CA.
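The trust decision described above, as an added example (not IBM code and not Netcool/OMNIbus tooling): it uses the generic `openssl` command line, and the CA names and the host name `objserver.example.test` are constructed for the demo. A client that holds the issuing CA's certificate accepts the server certificate; a client that holds only a different CA's certificate rejects it.

```shell
#!/bin/sh
# Added illustration; every name below is constructed for the demo.
set -eu

# make_ca DIR NAME: create a CA key and a self-signed CA certificate.
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
        -keyout "$1/$2.key" -out "$1/$2.crt" 2>/dev/null
}

# issue_server_cert DIR CA_NAME HOST: create a server key and a signing
# request, then have the named CA sign it into DIR/server.crt.
issue_server_cert() {
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$3" \
        -keyout "$1/server.key" -out "$1/server.csr" 2>/dev/null
    openssl x509 -req -in "$1/server.csr" -CA "$1/$2.crt" -CAkey "$1/$2.key" \
        -CAcreateserial -days 1 -out "$1/server.crt" 2>/dev/null
}

# client_trusts CA_CERT SERVER_CERT: the client-side check. Succeeds only
# if the server certificate's signature verifies with the public key in
# CA_CERT. The "OK" line is matched instead of the exit status because
# old OpenSSL releases exit 0 even when verification fails.
client_trusts() {
    openssl verify -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$'
}

work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT

make_ca "$work" issuing-ca
make_ca "$work" other-ca
issue_server_cert "$work" issuing-ca objserver.example.test

# Identity of the server and of the certificate issuer, as the client reads them.
openssl x509 -in "$work/server.crt" -noout -subject -issuer

for ca in issuing-ca other-ca; do
    if client_trusts "$work/$ca.crt" "$work/server.crt"; then
        echo "client holding $ca.crt: accept connection"
    else
        echo "client holding $ca.crt: reject connection"
    fi
done
```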

Server certificates can be generated for ObjectServers, process agents, and proxy servers.

Certificates serve two purposes:

In FIPS 140-2 mode, all encryption and key generation functions that are required for the secured SSL connections are provided by FIPS 140-2 approved cryptographic providers.


