Copyright © TIBCO Software Inc. All Rights Reserved



Digital Certificates
Digital certificates are data structures that represent identities. EMS uses certificates to verify the identities of servers and clients. Though it is not necessary to validate either the server or the client for them to exchange data over SSL, certificates provide an additional level of security.
A digital certificate is issued either by a trusted third-party certificate authority, or by a security officer within your enterprise. Usually, each user and server on the network requires a unique digital certificate, to ensure that data is sent from and received by the correct party.
In order to support SSL, the EMS server must have a digital certificate. Optionally, EMS clients may also be issued certificates. If the server is configured to verify client certificates, a client must have a certificate and have it verified by the server. Similarly, an EMS client can be configured to verify the server’s certificate. Once the identity of the server and/or client has been verified, encrypted data can be transferred over SSL between the clients and server.
A digital certificate has two parts: a public part, which identifies its owner (a user or server), and a private key, which the owner keeps confidential.
The public part of a digital certificate includes a variety of information, such as the following:
The length of time the certificate will remain valid—defined by a start date and an end date.
The most widely used standard for digital certificates is ITU-T X.509. TIBCO Enterprise Message Service supports digital certificates that comply with X.509 version 3 (X.509v3); most certificate authorities, such as Verisign and Entrust, comply with this standard.
Digital Certificate File Formats
TIBCO Enterprise Message Service supports the following file formats for digital certificates:
Private Key Formats
TIBCO Enterprise Message Service supports the following file formats for private keys:
The EMS server uses OpenSSL to read private keys. It does not read Java KeyStore files.
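A pre-deployment check that follows from the statement above, as an added example (not TIBCO's code): it identifies a key file's container format from its leading bytes, so a Java KeyStore is caught before it is configured as the server's private key, and it flags PEM private keys stored unencrypted. The function name and the sample file names and contents are assumptions constructed for illustration.

```python
import re

# Leading magic bytes of Java keystore files: JKS is 0xFEEDFEED, JCEKS is 0xCECECECE.
JAVA_KEYSTORE_MAGIC = {b"\xfe\xed\xfe\xed": "JKS", b"\xce\xce\xce\xce": "JCEKS"}
PEM_BEGIN = re.compile(rb"-----BEGIN ([A-Z0-9 ]+)-----")


def classify_key_file(data: bytes) -> dict:
    """Identify the container format of a certificate or private-key file.

    java_keystore: True for a file the EMS server will not read as a private key.
    cleartext_private_key: True when a PEM private key is stored unencrypted.
    """
    result = {"format": "unknown", "labels": [],
              "java_keystore": False, "cleartext_private_key": False}
    if data[:4] in JAVA_KEYSTORE_MAGIC:
        result.update(format=JAVA_KEYSTORE_MAGIC[data[:4]], java_keystore=True)
        return result
    # Split into PEM blocks so each key is judged with its own headers.
    for block in re.split(rb"(?=-----BEGIN )", data):
        begin = PEM_BEGIN.match(block)
        if not begin:
            continue
        label = begin.group(1)
        result["format"] = "PEM"
        result["labels"].append(label.decode("ascii"))
        if label.endswith(b"PRIVATE KEY"):
            # PKCS#8 marks encryption in the label; the traditional OpenSSL
            # format marks it with a Proc-Type header inside the block.
            encrypted = (label == b"ENCRYPTED PRIVATE KEY"
                         or b"Proc-Type: 4,ENCRYPTED" in block)
            result["cleartext_private_key"] |= not encrypted
    if result["format"] == "unknown" and data[:1] == b"\x30":
        result["format"] = "DER"  # ASN.1 SEQUENCE: binary certificate, key or PKCS#12
    return result


# Constructed samples: the base64 bodies are placeholders, not real key material.
BODY = b"Q09OU1RSVUNURUQ=\n"
SAMPLES = {
    "server.jks": b"\xfe\xed\xfe\xed\x00\x00\x00\x02" + b"\x00" * 8,
    "server.key.pem": b"-----BEGIN PRIVATE KEY-----\n" + BODY + b"-----END PRIVATE KEY-----\n",
    "server.enc.pem": b"-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
                      b"DEK-Info: AES-256-CBC,00000000000000000000000000000000\n\n" + BODY
                      + b"-----END RSA PRIVATE KEY-----\n",
    "server.cert.pem": b"-----BEGIN CERTIFICATE-----\n" + BODY + b"-----END CERTIFICATE-----\n",
}

if __name__ == "__main__":
    for name, blob in SAMPLES.items():
        print(name, classify_key_file(blob))
```

The check reads only the container markers; it does not validate the key or certificate contents.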
