TSS0942I INVALID CERTIFICATE DATA - FORMAT With Top Secret
search cancel

TSS0942I INVALID CERTIFICATE DATA - FORMAT With Top Secret

book

Article ID: 117020

calendar_today

Updated On:

Products

Top Secret Top Secret - LDAP ACF2 ACF2 - MISC ACF2 - z/OS

Issue/Introduction

When trying to add a (PGP key format) digital certificate to a user for SFTP, the following error occurs:

TSS0942I INVALID CERTIFICATE DATA - FORMAT

What certificate formats do Top Secret (and ACF2) support for vendor supplied certificates?

Environment

Release:
Component: TSSMVS

Resolution

The certificate needs to be an X.509 certificate in one of the following supported formats:

  • Format(CERTDER) Indicates that the exported certificate should be encoded using the X.509 Distinguished Encoding Rules (DER). This is the standard form of an X.509 certificate. It is a binary file, so if it is being transferred using FTP, BINARY or IMAGE mode must be used.
  • Format(CERTB64) Indicates that the exported certificate should be encoded using base-64 encoding. This encoding is applied to the standard X.509 certificate to make it possible to ship the certificate through systems, such as E-mail systems, that cannot handle binary files. This is a text file, so if it is being transferred using FTP, ASCII or TEXT mode must be used. Format(CERTB64) is the default if no format is specified.
  • Format(PKCS12DER) Specifies a DER-encoded PKCS#12 certificate package. This will export a certificate(and its Private key) and its CA chain. If this option is selected, a PASSWORD must also be supplied. Format PKCS12DER must be used if you need to import a PKCS#12 certificate package on Windows, since Windows cannot directly import a PKCS12B64 format PKCS#12 package.
  • Format(PKCS12B64) Specifies a DER-encoded then base-64 encoded PKCS #12 certificate package. This will export a certificate(and its Private key) and its CA chain. If this option is selected, a PASSWORD must also be supplied. Format (PKCS12B64) is the default if a password has been specified but no format is specified.
  • Format(PKCS7DER) Specifies a DER encoded PKCS 7 certificate package. This will export a certificate and its CA chain. If a certificate in the chain cannot be found under the CERTAUTH ID or the certificate is expired, an informational message will be issued and an incomplete PKCS 7 package will be created. 
  • Format(PKCS7B64) Specifies a base-64 encoded PKCS 7 certificate package. This will export a certificate and its CA chain. If a certificate in the chain cannot be found under the CERTAUTH ID or the certificate is expired, an informational message will be issued and an incomplete PKCS 7 package will be created. 


     
Powered by Wolken Software