The following types of certificates are stored in smkeydatabase at the consuming authority site:
CA certificates: Used for establishing an SSL connection from a consuming authority to the web server at a producing authority.
A set of common root CA certificates is shipped with the default smkeydatabase. To use a certificate for a CA that is not already in the key store, you must import the certificate into the database.
Client certificate: Used for sending a certificate from a consuming authority to a producing authority. The certificate serves as credentials when the consumer must authenticate using a client certificate authentication scheme to access the Assertion Retrieval or Artifact Resolution Service.
Partner certificate: Used for performing digital signature verification at the consuming authority site to ensure that the authority issuing the assertion is a trusted site. At a SAML 2.0 Identity Provider, the partner certificate is used to verify the signed messages from the Service Provider during single logout. The Service Provider's certificate must exist on the Identity Provider's machine.
When the Web Agent initializes, it gets all the client and server certificates, but the keys remain at the Policy Server.