Sample TSS command for internally signed and externally signed Digital Certificates
Article ID: 14525
Updated On:
Products
Issue/Introduction
Sample TSS commands to create internally and externally digital certificates.
Can you give example commands to create internally signed and externally signed digital certificates?
Environment
Component:
Resolution
Signed Certificate with internal root generated by TSS:
TSS GENCERT(CERTAUTH) DIGICERT(MESMROOT) SUBJECTN('CN="ESM MICRO SERVICE CERT”’)
TSS GENCERT(CERTSITE) DIGICERT(MESMPROD) -
SUBJECTN('CN="ESM MICRO SERVICE PCERT"') -
SIGNWITH(CERTAUTH,MESMROOT) LABLCERT('MESM PCERT SELF-SIGNED') -
ALTNAME('DOMAIN=USILXXXX')
TSS ADD(ESMSVC31) KEYRING(MESMRING) TARG(=)
TSS ADD(ESMSVC31) KEYRING(MESMRING) RINGDATA(CERTAUTH,MESMROOT) -
USAGE(CERTAUTH) TARG(=)
TSS ADD(ESMSVC31) KEYRING(MESMRING) RINGDATA(CERTSITE,MESMPROD) -
USAGE(PERSONAL) DEFAULT TARG(=)
Signed Certificate with external root generated by TSS:
TSS GENCERT(CERTSITE) DIGICERT(TEMP) -
SUBJECTN('CN="ESM MICRO SERVICE PCERT"') -
LABLCERT('TEMP') -
ALTNAME('DOMAIN=USILXXXX')
TSS GENREQ(CERTSITE) DIGICERT(MESMPROD) DCDSN(datasename)
Send the certificate out to be signed.
TSS ADD(CERTAUTH) DIGICERT(MESMROOT) -
DCDSN(datasetname) LABLCERT(MESMROOT) TRUST
TSS ADD(CERTSITE) DIGICERT(MESMPROD) -
DCDSN(datasetname) -
LABLCERT('MESM PCERT SELF-SIGNED') TRUST
TSS ADD(ESMSVC31) KEYRING(MESMRING) TARG(=)
TSS ADD(ESMSVC31) KEYRING(MESMRING) RINGDATA(CERTAUTH,MESMROOT) -
USAGE(CERTAUTH) TARG(=)
TSS ADD(ESMSVC31) KEYRING(MESMRING) RINGDATA(CERTSITE,MESMPROD) -
USAGE(PERSONAL) DEFAULT TARG(=)
Self signed Certificate:
TSS GENCERT(CERTSITE) DIGICERT(MESMPROD) -
SUBJECTN('CN="ESM MICRO SERVICE PCERT"') -
LABLCERT('MESM PCERT SELF-SIGNED') -
ALTNAME('DOMAIN=USILXXXX')
TSS ADD(ESMSVC31) KEYRING(MESMRING) TARG(=)
TSS ADD(ESMSVC31) KEYRING(MESMRING) RINGDATA(CERTSITE,MESMPROD) -
USAGE(PERSONAL) DEFAULT TARG(=)
Feedback
