ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

Renew an expiring Third Party signed certificate in Top Secret

book

Article ID: 105694

calendar_today

Updated On:

Products

Top Secret Top Secret - LDAP

Issue/Introduction

Need to renew a certificate that is about to expire.

Issued a TSS GENREQ against the expiring certificate and sent it to the original 3rd party Certificate Authority who signed the certificate to extend the expiration date..

Downloaded the newly extended certificate to a dataset and need to know how to implement the new certificate.

Environment

Release:
Component: CM-YU

Resolution

Here are the commands to put in the new certificate. 

1. Rename LABLCERT to 'EXPIREDCERT' 
TSS REP(owningacid) DIGICERT(OLDCERT) LABLCERT(EXPIREDCERT) 

The owningacid is the owning acid of the certificate. 

2. Add new certificate to CA Top Secret. 
TSS ADD(owningacid) DIGICERT(NEWCERT) DCDSN(datasetname) LABLCERT(NEWCERT) 

'owningacid' should be the the owning acid you use when you did TSS GENREQ command. It is critical that we use the correct owning acid, otherwise the private key will be lost. 

3. Remove old certificate from keyring. 
TSS REM(TCP) KEYRING(DALKRING) RINGDATA(owningacid,OLDCERT) 

4. Add new certificate to the keyring 
TSS ADD(TCP) KEYRING(DALKRING) RINGDATA(owningacid,NEWCERT) USAGE(PERSONAL) DEFAULT 

The owningacid should be the same as the one used in step 2. 

A recycle is required for the changes to go into effect. 

To backout the changes: 

1. Remove new certificate from keyring. 
TSS REM(TCP) KEYRING(DALKRING) RINGDATA(owningacid,NEWCERT) 

2. Put back the old certificate to the keyring TSS ADD(TCP) KEYRING(DALKRING) RINGDATA(owningacid,OLDCERT) 

3. Rename the LABLCERT: 

TSS REP(owningacid) DIGICERT(NEWCERT) LABLCERT(NEWCERT) 
TSS REP(owningacid) DIGICERT(OLDCERT) LABLCERT(OLDCERT) 

Recycle the address space for the change to go into effect.