
Replacing the expiring GEOTRUST certificate for SMP/E Internet Retrieval


Article ID: 112029


Updated On:

Products

Top Secret, Top Secret - LDAP

Issue/Introduction

The SMP/E Internet Retrieval root certificate is going to expire on 8/22/2018 and needs to be replaced.

 

Environment

Release:
Component: TSSMVS

Resolution

The new SMP/E Internet Retrieval Certificate can be found at:

https://www.websecurity.symantec.com/content/dam/websitesecurity/support/digicert/geotrust/root/DigiCertGlobalRootCA.pem

IBM notes about the certificate:
http://www-03.ibm.com/support/techdocs/atsmastr.nsf/5cb5ed706d254a8186256c71006d2e0a/bdee3c698260c970852582170066c99f/$FILE/New%20Certificate%20Authority.pdf

Here are sample commands to replace the expiring GEOTRUST certificate with the new version. 

1. Rename the LABLCERT of the expiring certificate, since duplicate LABLCERTs are not allowed:
TSS REP(CERTAUTH) DIGICERT(GEOTRUST) LABLCERT(EXPIREDCERT)
2. Add the new GEOTRUST certificate to the security file using the old LABLCERT:
TSS ADD(CERTAUTH) DIGICERT(GEOTRST2) LABLCERT(CERTAUITH.GEOTRUST)
3. Remove the old GEOTRUST certificate from the keyring:
TSS REM(JOE) KEYRING(SMPRING) RINGDATA(CERTAUTH,GEOTRUST)
4. Add the new GEOTRUST certificate to the keyring:
TSS ADD(JOE) KEYRING(SMPRING) RINGDATA(CERTAUTH,GEOTRST2) USAGE(CERTAUTH)

Please substitute your own DIGICERT and LABLCERT names in the commands above.