Move Digital Certificate ownership to CERTSITE so it can be used by multiple users

Article ID: 113193

Updated On:

Products

Top Secret, Top Secret - LDAP

Issue/Introduction

To share a certificate with multiple users, it must be owned by CERTSITE.

How do you change ownership to CERTSITE?

Environment

Release:
Component: TSSMVS

Resolution

1. EXPORT the certificate 

TSS EXPORT(USERA) DIGICERT(USERCERT) DCDSN(dataset) FORMAT(PKCS12DER) PKCSPASS(USERCERT) 

2. Verify the EXPORT was successful

TSS CHKCERT DCDSN(datasetname) PKCSPASS(USERCERT) 

3. Delete the certificate from the security file 

TSS REM(USERA) DIGICERT(USERCERT) 
 
4. Add the certificate back under the new owner

TSS ADD(CERTSITE) DIGICERT(USERCERT) DCDSN(datasetname) PKCSPASS(USERCERT) LABLCERT('USERA Certificate') TRUST
 

5. Add the certificate back to the keyrings it is needed on.

TSS ADD(started_task_acid) KEYRING(keyringname) RINGDATA(CERTSITE,digicertname) USAGE(PERSONAL) DEFAULT 

started_task_acid - Substitute the appropriate ACID for the started task applications that need the certificate.

keyringname - Substitute the keyring name.

digicertname - Substitute the digicertname you used for the certificate you moved to CERTSITE.