Setting Up Your System › Configuring Secure Sockets › Certificates on the Client System

Certificates on the Client System

If your server does not have a certificate signed by a Certificate Authority, you must install the server's certificate as a trusted certificate in the client keystore. If your server requires client authentication, you must install the client certificate in the client keystore.

Sample certificates have been provided in the CA IDMS Server 'certificates' sub-directory that you can use for both Server and Client authentication. The certificates are:

• JSRVCERT—Server Certificate
• JCLICERT—Client Certificate

Several different versions (or formats) of these certificates have been included for use with the ODBC driver, JDBC Driver, and for importing on the mainframe. The file extensions for these versions are:

• .PEM—(Privacy Enhanced Mail) Base64 encoded certificates. These certificates are suitable for use with the ODBC Driver when used with the 'IDMS' communicatios protocol.
• .CERTDER.CER—Public-Key Infrastructure (X.509), or PKIX, certificates. These certificates are suitable for use with the JDBC Driver.
• .CER - DER encoded PKCS#12 package certificates. These certificates were used to create the '.PEM'-format certificates, and are suitable for importing onto the keyring on the mainframe.

All certificates contain encoded data and should always be transmitted in BINARY mode.