Storing and Managing Digital Certificates

This page contains all necessary steps for storing and managing digital vertificates.

Digital Certificates Administration:

Storing and managing Digital Certificates is done from [Security] item located on Tec3270 main menu.

On clicking over this item an submenu is shown, containing an options list from which {Certificates Admin} should be selected.

The 'Certificates Admin' dialog is presented in order to permit making all necessary operations, like digital certificates importing, exporting, removing and exhibition.

Digital Certificates are stored in four different sections:

•	Personal Certificates:
	This is where are stored personal certificates, that is, certificates that have Client Authentication as its main purpose.
•	Other Certificates:
	This is where are stored certificates that aren't personal, neither from Certification Authorities. Server Certificates, for instance, are stored here.
•	Intermediate CAs:
	This is where are stored intermediate Certification Authorities (CA) certificates, that is, authority certificates that were signed by other Certification Authority (CA).
•	Trusted CAs:
	This is where are stored trusted Certification Authorities certificates, that is, authority certificates that were self signed, where the certificate Issuer is exactly the same as the certificate Subject and the authority was choosed to be trusted.

The Digital Certificates, stored on each section, could be selected according of their purpose by selecting one from those presented by [Purpose] box located on dialog top.

For each selected certificate, its purpose set is shown on 'Certificates purposes' located on dialog bottom.

When an Server presents its Digital Certificate, if the option 'Verify Server Digital Certificate' is selected on Security Options dialog, the Server certificate issuer is searched on Intermediate CAs or Trusted CAs sections of stored certificates, in addition to its whole internal validation.

From this reason, when the Security Alert dialog is presented, pointing to an untrusted Certificate Issuer, it means that it wasn't found on any of above sections.

If is desired to have it trusted, its Digital Certificate must be imported using the 'Import' wizard on Certificate Admin dialog and it will be automatically stored on the right section. This action will eliminate the Security Alert presentation by this reason (untrusted Certificate Issuer).

Refer to Certificate Admin dialog for getting more informations.