Keys and Certificates in the Key Database

The following gets stored in the key database:

A given Policy Server may sign and/or verify WS-Security documents. Keys and certificates for signing and validation can be added to the same key database, depending on what the Policy Server is doing.

The following table shows which objects you need to add to the key database to handle particular WS-Security signing and validation requirements.

| Function | WS-Security Token Type | Required Database Objects |
|---|---|---|
| Signing | All | Private key and certificate of Web service host enterprise. |
| Generating X509 Tokens | X509v3 | Private key and certificate of Web service host enterprise. |
| Signature Validation | SAML Assertion; Sender Vouches | Certificate of issuing Web service consumer application. |
| Signature Validation | SAML Assertion; Holder-of-key | Certificates of XML request subject and issuing Web service consumer application. |
| Signature Validation | X.509v3; Username (if signed) | Certificate of trusted issuer. |
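The split the table makes, private key plus certificate on the signing side and certificate only on the validating side, is easiest to see in running code. The following Go program is an added example and is not SiteMinder code or the Policy Server's key database format: it models a key database as two maps (private keys and trusted certificates), signs a document with the host enterprise's private key, validates it with a second database that holds only the issuer's certificate, and shows that a signature from an issuer whose certificate was never added is rejected. The aliases, the in-memory structure, and the use of a raw ECDSA signature over the document bytes in place of an XML Signature are assumptions made for the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// keyDatabase is a hypothetical in-memory stand-in for the key database:
// private keys are only ever loaded on the signing side, certificates of
// trusted issuers are what the validating side needs.
type keyDatabase struct {
	privateKeys map[string]*ecdsa.PrivateKey
	certs       map[string]*x509.Certificate
}

func newKeyDatabase() *keyDatabase {
	return &keyDatabase{
		privateKeys: map[string]*ecdsa.PrivateKey{},
		certs:       map[string]*x509.Certificate{},
	}
}

// newSelfSignedCert creates a key pair and a self-signed certificate for an
// alias (constructed sample identity, not a real enterprise's credential).
func newSelfSignedCert(alias string) (*ecdsa.PrivateKey, *x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: alias},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return nil, nil, err
	}
	return key, cert, nil
}

// sign is the "Signing" row: it needs the host enterprise's private key.
func (db *keyDatabase) sign(alias string, doc []byte) ([]byte, error) {
	key, ok := db.privateKeys[alias]
	if !ok {
		return nil, fmt.Errorf("no private key for %q in key database", alias)
	}
	digest := sha256.Sum256(doc)
	return ecdsa.SignASN1(rand.Reader, key, digest[:])
}

// validate is the "Signature Validation" row: it needs only the certificate
// of the issuer; an issuer with no certificate in the database is untrusted.
func (db *keyDatabase) validate(alias string, doc, sig []byte) error {
	cert, ok := db.certs[alias]
	if !ok {
		return fmt.Errorf("no certificate for %q in key database: untrusted issuer", alias)
	}
	pub, ok := cert.PublicKey.(*ecdsa.PublicKey)
	if !ok {
		return fmt.Errorf("certificate for %q does not carry an ECDSA key", alias)
	}
	digest := sha256.Sum256(doc)
	if !ecdsa.VerifyASN1(pub, digest[:], sig) {
		return fmt.Errorf("signature attributed to %q does not verify", alias)
	}
	return nil
}

// runScenario returns whether the trusted issuer's signature validated and
// whether a signature from an issuer with no stored certificate was rejected.
func runScenario() (trustedOK bool, untrustedRejected bool, err error) {
	hostKey, hostCert, err := newSelfSignedCert("web-service-host")
	if err != nil {
		return false, false, err
	}
	otherKey, _, err := newSelfSignedCert("unknown-issuer")
	if err != nil {
		return false, false, err
	}
	signer := newKeyDatabase() // host enterprise: private key and certificate
	signer.privateKeys["web-service-host"] = hostKey
	signer.certs["web-service-host"] = hostCert
	signer.privateKeys["unknown-issuer"] = otherKey

	validator := newKeyDatabase() // consumer side: certificate only
	validator.certs["web-service-host"] = hostCert

	doc := []byte("<soap:Envelope>constructed sample request</soap:Envelope>")
	sig, err := signer.sign("web-service-host", doc)
	if err != nil {
		return false, false, err
	}
	trustedOK = validator.validate("web-service-host", doc, sig) == nil
	badSig, err := signer.sign("unknown-issuer", doc)
	if err != nil {
		return false, false, err
	}
	untrustedRejected = validator.validate("unknown-issuer", doc, badSig) != nil
	return trustedOK, untrustedRejected, nil
}

func main() {
	ok, rejected, err := runScenario()
	fmt.Println("trusted issuer validated:", ok, "| untrusted issuer rejected:", rejected, "| err:", err)
}
```

Note that the validating database never holds a private key; if the Policy Server both signs and validates, both kinds of object go into the same database, as the text above states, but the validation path still only consults certificates.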