Certificate Authority

When SSL is used, TIBCO MFT Platform Server for z/OS relies on a certificate authority (CA) to certify the certificate that is received from the sender in a data transfer. To make sure that the CA that issued the digital certificate can be trusted, the platform server with SSL uses a Trusted CA file.

In a data transfer, a CA issues a digital signature and adds the digital signature to the certificate that is received from the sender. A digital signature is simply a piece of data that is encrypted by using the private key of the certificate authority. The receiver uses the public key from the sender to decrypt and validate the data. When the certificate is checked, you can see the CA that created the certificate.

Note: You must store the certificates received from the CA in a key ring file. For information about how to generate a key ring file, see Creating Key Ring Files.

To make sure the CA that issues the digital certificate can be trusted, the platform server uses a Trusted CA file to define the CAs that SSL trusts. The platform server with SSL checks the Trusted CA file to see whether the CA that issues the digital certificate is listed in the file. If the CA is in the Trusted CA file, the platform server with SSL uses the public key to decrypt and validate the digital signature in the certificate that is received from the sender in a data transfer. The platform server with SSL only accepts a certificate request when the CA that issues the digital certificate is in the Trusted CA file and the digital signature is valid.

Certificates use the Base64 encoding format. The following example shows a sample certificate that is encoded in the Base64 format:
-----BEGIN CERTIFICATE-----
MIICdzCCAeCgAwIBAgIDNYAGMA0GCSqGSIb3DQEBBAUAMIGHMQswCQYDVQ
QGEwJaQTEiMCAGA1UECBMZRk9SIFRFU1RJTkcgUFVSUE9TRVMgT05MWTEd
MBsGA1UEChMUVGhhd3RlIENlcnRpZmljYXRpb24xFzAVBgNVBAsTDlRFU1
QgVEVTVCBURVNUMRwwGgYDVQQDExNUaGF3dGUgVGVzdCBDQSBSb290MB4X
DTAxMDgyNzE3MDI1NFoXDTAxMDkxNzE3MDI1NFowUjELMAkGA1UEBhMCVV
MxETAPBgNVBAoTCFByb2dpbmV0MRQwEgYDVQQLEwtEZXZlbG9wbWVudDEa
MBgGA1UEAxMRUHJvZ2luZXQgRW1wbG95ZWUwgZ8wDQYJKoZIhvcNAQEBBQ
ADgY0AMIGJAoGBALnB6f3CSDhcWMChxsmxqtNG7qL8tsiUaXSslRnRCFXg
tiY3mnZyxcLfr0EzfD9MyyLTENO6VVknE7hlS65uMuU1lrxrRr45xuf0+X
tGzoGD9l8j+Ux0/fmS9xKiyBS5+cBt8xMPHPqWgqESBO9cx1QbRctpZ7FT
c2yPCV3ZpKGjAgMBAAGjJTAjMBMGA1UdJQQMMAoGCCsGAQUFBwMBMAwGA1
UdEwEB/wQCMAAwDQYJKoZIhvcNAQEEBQADgYEABogHOgfpnJClIeybjDDt
KqbWuelhDbnCRJg1HMtioGk6/AUC3ZTGh+Jq6O+PbQ/Y+O7T4LcadFNukJ
12EOcv3C2z31YrbwSn5WaPkilhQMEImmGpQ4tM90XSn+2l6IvS6mtbtLvK
6Qb68cSlpxogugmFN9egZbOezR2DU+5arSc=
-----END CERTIFICATE-----
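
The following added example (not TIBCO code, and not how the platform server is implemented) decodes the sample certificate above with the Python standard library and reads the issuing CA and the subject from it, which is the information compared against a Trusted CA list. The function names and the CN-only matching in `issuer_is_listed` are assumptions made for illustration; the signature check that the trust decision also requires is not performed here.

```python
import base64

# Sample certificate from this page; line wrapping changed, content unchanged.
SAMPLE_PEM = """-----BEGIN CERTIFICATE-----
MIICdzCCAeCgAwIBAgIDNYAGMA0GCSqGSIb3DQEBBAUAMIGHMQswCQYDVQQGEwJaQTEiMCAGA1UECBMZRk9SIFRFU1RJTkcgUFVSUE9TRVMgT05MWTEdMBsGA1UEChMUVGhhd3RlIENlcnRpZmljYXRpb24xFzAVBgNVBAsTDlRFU1
QgVEVTVCBURVNUMRwwGgYDVQQDExNUaGF3dGUgVGVzdCBDQSBSb290MB4XDTAxMDgyNzE3MDI1NFoXDTAxMDkxNzE3MDI1NFowUjELMAkGA1UEBhMCVVMxETAPBgNVBAoTCFByb2dpbmV0MRQwEgYDVQQLEwtEZXZlbG9wbWVudDEa
MBgGA1UEAxMRUHJvZ2luZXQgRW1wbG95ZWUwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALnB6f3CSDhcWMChxsmxqtNG7qL8tsiUaXSslRnRCFXgtiY3mnZyxcLfr0EzfD9MyyLTENO6VVknE7hlS65uMuU1lrxrRr45xuf0+X
tGzoGD9l8j+Ux0/fmS9xKiyBS5+cBt8xMPHPqWgqESBO9cx1QbRctpZ7FTc2yPCV3ZpKGjAgMBAAGjJTAjMBMGA1UdJQQMMAoGCCsGAQUFBwMBMAwGA1UdEwEB/wQCMAAwDQYJKoZIhvcNAQEEBQADgYEABogHOgfpnJClIeybjDDt
KqbWuelhDbnCRJg1HMtioGk6/AUC3ZTGh+Jq6O+PbQ/Y+O7T4LcadFNukJ12EOcv3C2z31YrbwSn5WaPkilhQMEImmGpQ4tM90XSn+2l6IvS6mtbtLvK6Qb68cSlpxogugmFN9egZbOezR2DU+5arSc=
-----END CERTIFICATE-----"""
CN_OID = bytes([0x55, 0x04, 0x03])  # id-at-commonName (2.5.4.3)

def pem_to_der(pem):
    # Drop the BEGIN/END armor lines, then Base64-decode the body to DER.
    body = "".join(s for s in map(str.strip, pem.splitlines()) if not s.startswith("-----"))
    return base64.b64decode(body, validate=True)

def children(buf):
    # Split DER contents into (tag, value) pairs; handles long-form lengths.
    out, i = [], 0
    while i < len(buf):
        tag, length, i = buf[i], buf[i + 1], i + 2
        if length & 0x80:  # low 7 bits give the number of length octets
            n = length & 0x7F
            length, i = int.from_bytes(buf[i:i + n], "big"), i + n
        if i + length > len(buf):
            raise ValueError("truncated DER value")
        out.append((tag, buf[i:i + length]))
        i += length
    return out

def common_name(name):
    # Name = SEQUENCE of SET of SEQUENCE {OID, string}; return the CN string.
    for _, rdn in children(name):
        for _, atv in children(rdn):
            (_, oid), (_, value) = children(atv)[:2]
            if oid == CN_OID:
                return value.decode("latin-1")
    return None

def issuer_and_subject(pem):
    # Certificate -> tbsCertificate -> [version], serial, sigAlg, issuer, validity, subject
    tbs = children(children(pem_to_der(pem))[0][1])[0][1]
    fields = children(tbs)
    first = 1 if fields[0][0] == 0xA0 else 0  # skip the optional [0] version
    return common_name(fields[first + 2][1]), common_name(fields[first + 4][1])

def issuer_is_listed(pem, trusted_cns):
    # Assumption: trusted CAs matched by CN only; the signature is NOT verified here.
    return issuer_and_subject(pem)[0] in trusted_cns
```

For the sample certificate, `issuer_and_subject(SAMPLE_PEM)` returns the issuing CA "Thawte Test CA Root" and the subject "Proginet Employee".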