Digital certificates are data structures that represent identities. EMS uses certificates to verify the identities of servers and clients.
A digital certificate is issued either by a trusted third-party certificate authority, or by a security officer within your enterprise. Usually, each user and server on the network requires a unique digital certificate, to ensure that data is sent from and received by the correct party. A digital certificate has two partsa public part, which identifies its owner (a user or server); and a private key, which the owner keeps confidential.
The public part of a digital certificate includes a variety of information, such as the following:
The most widely-used standard for digital certificates is ITU-T X.509. TIBCO Enterprise Message Service supports digital certificates that comply with X.509 version 3 (X.509v3); most certificate authorities, such as Verisign and Entrust, comply with this standard.
TIBCO Enterprise Message Service supports the following file formats for digital certificates:
TIBCO Enterprise Message Service supports the following file formats for private keys:
The EMS server uses OpenSSL to read private keys. It supports PEM, DER, PKCS8 and PKCS12 formats; it does not read Java KeyStore or Entrust Store files.
TIBCO Enterprise Message Service™ User’s Guide Software Release 4.3, February 2006 Copyright © TIBCO Software Inc. All rights reserved www.tibco.com |