Common Data Security Architecture (CDSA) White Paper

Certificate Library Services (CL) API

CL_PassThrough function in the CL. The CL interprets the input parameters to enable the appropriate operation to be performed.

NOTE

Certificate and CRL operations initiated by an application are performed with APIs whose names have the form CSSM_CL_*(). Other interfaces, whose names have the form CL_*(), are intended for use by add-on module developers only, for operations between the CSSM and the CL module.

Interaction between CSSM and Certificate Library Interface

CSSM provides the general security APIs through which the CL's manipulations of certificates and certificate revocation lists (CRLs) are mediated; applications never call the CL module directly.

The CSSM module information files (located in /var/cdsa/cssm) contain specifications of CL-supported functions for use by the application.

The Certificate Library Interface (CLI) works with the CSSM APIs to make CL functions available to applications. CL functions perform syntactic operations (including creation, field management, signing, and verification, as well as extensibility operations and module management) on certificates and CRLs, so that applications may focus on the use of certificates rather than the mechanics of format manipulation.
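As an added illustration of the layering described in the NOTE and the paragraph above (a constructed example, not code from the CDSA specification or from any CDSA implementation): an application-facing CSSM_CL_*() entry point validates the module handle and routes the call to the attached CL module's CL_*() function, and the CL module does the syntactic (DER) work with bounds checks so that a malformed length field cannot run past the buffer. Every type name, function name, error code and sample byte string below is an assumption made for this example; the real CDSA headers define different names and signatures.

```c
/* Added example, not from the CDSA specification or any CDSA implementation.
 * It models the naming convention in the NOTE above: an application calls a
 * CSSM_CL_*() API, CSSM validates the module handle and routes the call to
 * the attached CL module's CL_*() entry point, where the DER format work is
 * done. All types, names and error codes are constructed for illustration
 * and deliberately do not match the real CDSA headers. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

typedef uint32_t CSSM_RETURN;
enum { CSSM_OK = 0, CSSMERR_INVALID_HANDLE, CSSMERR_INVALID_DATA };  /* constructed */
typedef struct { size_t Length; const uint8_t *Data; } CSSM_DATA;
typedef uint32_t CSSM_CL_HANDLE;

/* Module-side entry points (CL_*), supplied by the add-on CL module. */
typedef struct {
    CSSM_RETURN (*CL_CertGetFirstField)(const CSSM_DATA *, uint8_t, CSSM_DATA *);
} CL_FUNCS;

/* ---- toy CL module: the format mechanics live here -------------------- */
/* One DER tag/length header (short form, or 1-/2-byte long form); rejects a
 * header or content length that would run past the end of the buffer. */
static int der_tlv(const uint8_t *p, size_t n, uint8_t *tag, size_t *hdr, size_t *len)
{
    if (n < 2) return -1;
    *tag = p[0];
    if (p[1] < 0x80)       { *hdr = 2; *len = p[1]; }
    else if (p[1] == 0x81) { if (n < 3) return -1; *hdr = 3; *len = p[2]; }
    else if (p[1] == 0x82) { if (n < 4) return -1; *hdr = 4; *len = ((size_t)p[2] << 8) | p[3]; }
    else return -1;                              /* indefinite or longer: reject */
    return (*hdr + *len <= n) ? 0 : -1;
}
/* CL_*: first child of the outer SEQUENCE whose tag is `want`. */
static CSSM_RETURN toy_CL_CertGetFirstField(const CSSM_DATA *cert, uint8_t want, CSSM_DATA *out)
{
    uint8_t tag; size_t hdr, len;
    if (!cert || !cert->Data || !out ||
        der_tlv(cert->Data, cert->Length, &tag, &hdr, &len) || tag != 0x30)
        return CSSMERR_INVALID_DATA;
    for (const uint8_t *p = cert->Data + hdr, *end = p + len; p < end; p += hdr + len) {
        if (der_tlv(p, (size_t)(end - p), &tag, &hdr, &len)) return CSSMERR_INVALID_DATA;
        if (tag == want) { out->Data = p + hdr; out->Length = len; return CSSM_OK; }
    }
    return CSSMERR_INVALID_DATA;                 /* field not present */
}
static const CL_FUNCS toy_module = { toy_CL_CertGetFirstField };

/* ---- CSSM layer: handle validation and routing, no certificate parsing --- */
#define MAX_HANDLES 4
static const CL_FUNCS *g_attached[MAX_HANDLES];  /* handle -> module table; 0 is never valid */

static CSSM_CL_HANDLE toy_ModuleAttach(const CL_FUNCS *f)
{
    for (CSSM_CL_HANDLE h = 1; h < MAX_HANDLES; h++)
        if (!g_attached[h]) { g_attached[h] = f; return h; }
    return 0;
}
static const CL_FUNCS *lookup(CSSM_CL_HANDLE h)
{
    return (h == 0 || h >= MAX_HANDLES) ? NULL : g_attached[h];
}
/* CSSM_CL_*: what the application calls. Bad handle -> refused before any parsing. */
CSSM_RETURN CSSM_CL_CertGetFirstField(CSSM_CL_HANDLE h, const CSSM_DATA *cert, uint8_t tag, CSSM_DATA *out)
{
    const CL_FUNCS *f = lookup(h);
    return (f && f->CL_CertGetFirstField) ? f->CL_CertGetFirstField(cert, tag, out) : CSSMERR_INVALID_HANDLE;
}

/* ---- constructed input and driver ------------------------------------- */
/* Stand-in "certificate": SEQUENCE { INTEGER 2, UTF8String "hello" }. */
static const uint8_t kCert[] = { 0x30,0x0A, 0x02,0x01,0x02, 0x0C,0x05,'h','e','l','l','o' };
/* Inner INTEGER claims 9 bytes inside a 4-byte SEQUENCE: must be rejected. */
static const uint8_t kBad[]  = { 0x30,0x04, 0x02,0x09,0x02,0x00 };

static CSSM_CL_HANDLE handle(void)
{
    static CSSM_CL_HANDLE h;
    if (!h) h = toy_ModuleAttach(&toy_module);
    return h;
}
/* Length of the first field tagged `tag` in buf, or -1 if absent or rejected. */
int demo_field_len(const uint8_t *buf, size_t n, uint8_t tag)
{
    CSSM_DATA cert = { n, buf }, out = { 0, NULL };
    return CSSM_CL_CertGetFirstField(handle(), &cert, tag, &out) == CSSM_OK ? (int)out.Length : -1;
}

int main(void)
{
    printf("UTF8String length via CSSM_CL_ -> CL_: %d\n", demo_field_len(kCert, sizeof kCert, 0x0C));
    printf("malformed cert: %d  bad handle rc: %u\n", demo_field_len(kBad, sizeof kBad, 0x02),
           (unsigned)CSSM_CL_CertGetFirstField(0, NULL, 0, NULL));
    return 0;
}
```

The design point a practitioner should take from this model is the separation of duties: the CSSM layer only checks that the handle names an attached module with the requested entry point and never reads certificate bytes, so format-parsing defects are confined to the CL module, and the module trusts no DER length field without first checking it against the bytes actually remaining in the buffer.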

Operations on Certificates

Through these APIs the CL module provides:

Certificate operations

Certificate revocation list (CRL) operations

Extensibility functions

The CSSM module information files contain specifications of the functions each CL module supports; an application can obtain this information to discover what a given module offers before calling it.

Certificate Library Interface

The Certificate Library Interface (CLI) specifies the CL functions available to applications via CSSM to support certificate and certificate revocation list (CRL) formats. These functions work with the CSSM APIs to perform certificate operations, certificate revocation list operations, extensibility functions, and module management functions.
