Can I use the same digital certificate for multiple applications or address spaces?

Article ID: 194073

Products

CA Top Secret, CA Top Secret - LDAP, CA Web Administrator for Top Secret

Issue/Introduction

According to the OPS/MVS manual, 3 certificates are needed to enable TLS for the following started tasks:

  • Message Hub
  • Message Server
  • ESM Microservice

 

Is there any reason why all three started tasks share the same digital certificates?

Environment

Release : 16.0

Component : CA Top Secret for z/OS

Resolution

Technically, all three started tasks can use the same digital certificate.

It's best practice to have a unique digital certificate for each address space or application.

Would it be good to have one key that unlocked your home, all your cars, work/office, work locker, gym locker, closets, gun safe, etc.?

Think of the digital certificate as a key. What happens if it is stolen? If the certificate is used for everything, whoever stole it has access to everything. If there are multiple keys, one for each address space, hackers would be able to compromise only one address space. They would have to steal or hack their way into the other two address spaces.