Supplied certficate authorities in RACF vs CA Top Secret

book

Article ID: 132303

calendar_today

Updated On:

Products

CA Top Secret CA Top Secret - LDAP

Issue/Introduction

3rd Party supplied Certificate Authorities.

Our group maintains digital certificates in both the RACF and Top Secret security productions on z/OS Version 2.2, 2.3 and 2.4. We keep an eye on the Security Server RACF Security Administrator's Guide, appendix C, which lists certificate authorities that are supplied with the operating system. In version 2.2, manual SA23-2289, we see in Appendix C, there are 26 such CAs. In version 2.3, the same associated manual Appendix C shows only 3 of these. RACF explained to us that it would make it easier for us to clean up expired such CAs. Is this how Top Secret R16 handles the supplied certificate authorities? Does the operating system enforce this or does it depend on the security product, RACF or Top Secret? 

Environment

Release:
Component: TSSMVS

Resolution

It is dependent on the security package (TSS, ACF2 or RACF). RACF supplied 3rd parties Certificate Authorities on their security file by default. TSS supplies one 3rd party Certificate Authority. You can EXPORT the certificate from RACF and TSS ADD them to TSS on an as needed basis.