Certificate authorities (CAs) can issue public key certificates in which the CA attests that the public key contained in the certificate belongs to you. You then exchange your CA-signed certificate with AOL and XMPP to provide for the secure exchange of instant messages.
Certificate vendors sometimes change the product names of their offerings without changing the underlying CA certificate. AOL and XMPP cannot keep track of all the product-naming conventions of each certificate vendor.
The server certificate installed on Sametime® Gateway must conform to RFC 3280 certificate standards. When requesting a certificate, make sure the certificate supports both server and client authentication. Some certificate authorities provide certificates that support server authentication only or client authentication only. Certificates must include both the server authentication and client authentication Extended Key Usage (EKU) flags. Thawte certificates in the following list meet these standards. It is your responsibility to make sure that the certificate supports both.
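One way to check a certificate for both EKU flags before installing it, shown as an added example that is not part of the original documentation. It uses a minimal DER walker built on the Python standard library only; the function names and the two sample extension byte strings are constructed for illustration.

```python
import ssl

EKU_EXT = bytes.fromhex("551d25")        # OID 2.5.29.37, extendedKeyUsage
SERVER_AUTH = "1.3.6.1.5.5.7.3.1"        # id-kp-serverAuth
CLIENT_AUTH = "1.3.6.1.5.5.7.3.2"        # id-kp-clientAuth

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) for the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                    # long-form length: next n bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, pos, pos + length

def children(buf, start, end):
    """Yield every DER element stored between start and end."""
    while start < end:
        tag, vs, ve = read_tlv(buf, start)
        yield tag, vs, ve
        start = ve

def decode_oid(raw):
    """Decode base-128 OID content bytes into dotted notation."""
    arcs, val = [], 0
    for byte in raw:
        val = (val << 7) | (byte & 0x7F)
        if not byte & 0x80:
            arcs.append(val)
            val = 0
    first = min(arcs[0] // 40, 2)
    return ".".join(map(str, [first, arcs[0] - 40 * first] + arcs[1:]))

def eku_oids(buf, start=0, end=None):
    """Return the EKU purpose OIDs, or None when there is no EKU extension."""
    end = len(buf) if end is None else end
    items = list(children(buf, start, end))
    # Extension ::= SEQUENCE { extnID, critical OPTIONAL, extnValue OCTET STRING }
    if items and items[0][0] == 0x06 and buf[items[0][1]:items[0][2]] == EKU_EXT:
        _, seq_start, seq_end = read_tlv(buf, items[-1][1])
        return [decode_oid(buf[a:b]) for _, a, b in children(buf, seq_start, seq_end)]
    for tag, vs, ve in items:
        if tag & 0x20:                   # constructed element: descend into it
            found = eku_oids(buf, vs, ve)
            if found is not None:
                return found
    return None

def supports_both(cert):
    """True only if the EKU extension lists server and client authentication."""
    der = ssl.PEM_cert_to_DER_cert(cert) if isinstance(cert, str) else cert
    oids = eku_oids(der) or []           # a missing EKU extension fails this check
    return SERVER_AUTH in oids and CLIENT_AUTH in oids

# Constructed sample EKU extensions (not taken from real certificates).
BOTH = bytes.fromhex("301d0603551d250416301406082b0601050507030106082b06010505070302")
SERVER_ONLY = bytes.fromhex("30130603551d25040c300a06082b06010505070301")
```

`supports_both` accepts either DER bytes or the PEM text of a full certificate, because the walker descends through the certificate structure until it reaches the EKU extension.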
As part of a public key infrastructure (PKI), a CA checks with a registration authority to verify information provided by your digital certificate. If the registration authority verifies your information, the CA can then issue a certificate to you.
For the current list of certificate authorities accepted by Sametime Gateway and by AOL and XMPP, see the IBM® FAQ Tech Note #1372445, "List of Certificate Authorities (CAs) accepted by Sametime Gateway" at: www.ibm.com/support/docview.wss?&uid=swg21372445