Digital Certificates -- How they Really Work, Part 1 of 3
Project and Program: Enterprise Data Center, Security and Compliance
Tags: Proceedings, SHARE Sacramento 2018, 2018
Starting with V2R3, IBM is no longer shipping "standard" certificate-authority (CA) certificates with RACF, putting more responsibility on you to understand and manage certificates on your own. Other sessions in this series will teach you how to install a certificate in RACF, ACF2 or TSS, and how to configure TN3270 for TLS. This session will give you an understanding of how the certificate process actually works under the covers. It is equally relevant to RACF, ACF2 and TSS systems.
The session will start with a quick review of the underlying technologies and their limitations in the absence of certificates (secret key, public key, Base 64, and digital signatures and hashes), and the anatomy of a certificate; it will then go on to cover in detail the protocol flows with server certificates, intermediate certificates, CA certificates and revocation lists. Finally, the session will introduce you briefly (with resources for further learning) to advanced topics such as Alternative Names, wildcards, Diffie-Hellman key exchange, client certificates, code signing, and more. The presenter has studied certificate technology at the School of Hard Knocks, having designed, written, debugged and supported SSL/TLS client and server software running under both OpenSSL and z/OS System SSL.
Charles Mills, CorreLog