TSS0942I INVALID CERTIFICATE DATA - FORMAT With Top Secret
book
Article ID: 117020
calendar_today
Updated On:
Products
Top SecretTop Secret - LDAPACF2ACF2 - MISCACF2 - z/OS
Issue/Introduction
When trying to add a (PGP key format) digital certificate to a user for SFTP, the following error occurs:
TSS0942I INVALID CERTIFICATE DATA - FORMAT
What certificate formats do Top Secret (and ACF2) support for vendor supplied certificates?
Environment
Release: Component: TSSMVS
Resolution
The certificate needs to be an X.509 certificate in one of the following supported formats:
Format(CERTDER) Indicates that the exported certificate should be encoded using the X.509 Distinguished Encoding Rules (DER). This is the standard form of an X.509 certificate. It is a binary file, so if it is being transferred using FTP, BINARY or IMAGE mode must be used.
Format(CERTB64) Indicates that the exported certificate should be encoded using base-64 encoding. This encoding is applied to the standard X.509 certificate to make it possible to ship the certificate through systems, such as E-mail systems, that cannot handle binary files. This is a text file, so if it is being transferred using FTP, ASCII or TEXT mode must be used. Format(CERTB64) is the default if no format is specified.
Format(PKCS12DER) Specifies a DER-encoded PKCS#12 certificate package. This will export a certificate(and its Private key) and its CA chain. If this option is selected, a PASSWORD must also be supplied. Format PKCS12DER must be used if you need to import a PKCS#12 certificate package on Windows, since Windows cannot directly import a PKCS12B64 format PKCS#12 package.
Format(PKCS12B64) Specifies a DER-encoded then base-64 encoded PKCS #12 certificate package. This will export a certificate(and its Private key) and its CA chain. If this option is selected, a PASSWORD must also be supplied. Format (PKCS12B64) is the default if a password has been specified but no format is specified.
Format(PKCS7DER) Specifies a DER encoded PKCS 7 certificate package. This will export a certificate and its CA chain. If a certificate in the chain cannot be found under the CERTAUTH ID or the certificate is expired, an informational message will be issued and an incomplete PKCS 7 package will be created.
Format(PKCS7B64) Specifies a base-64 encoded PKCS 7 certificate package. This will export a certificate and its CA chain. If a certificate in the chain cannot be found under the CERTAUTH ID or the certificate is expired, an informational message will be issued and an incomplete PKCS 7 package will be created.