To take part in SSL as a server, a DSA needs to have a certificate and the corresponding private key. CA Directory always stores the DSA certificate in a PEM file.
CA Directory can store the private key with the certificate, or you can specify that it stores the private key in a Hardware Security Module (HSM).
DXserver uses the DSA name to find the DSA's certificate.
If private key is stored in a PEM file, DXserver uses the DSA name to determine the name of the PEM file to access and use the certificate.
If the private key is stored in an HSM, then the PEM file holds a certificate but not the private key. DXserver uses the DSA name to determine the name of the PEM file and uses the HSM to access and apply the private key when this is required.
In either case the PEM file is named dsaname.pem (the DSA name is converted to lowercase).
Copyright © 2011 CA. All rights reserved. | Email CA Technologies about this topic |