Sample TSS command for internally signed and externally signed Digital Certificates

book

Article ID: 14525

calendar_today

Updated On:

Products

CA Top Secret CA Top Secret - LDAP

Issue/Introduction

Sample TSS commands to create internally and externally digital certificates.



Can you give example commands to create internally signed and externally signed digital certificates?

Environment

Release: TOPSEC00200-15-Top Secret-Security
Component:

Resolution

Signed Certificate with internal root generated by TSS:

TSS GENCERT(CERTAUTH) DIGICERT(MESMROOT) SUBJECTN('CN="ESM MICRO SERVICE CERT”’)

TSS GENCERT(CERTSITE) DIGICERT(MESMPROD) -
SUBJECTN('CN="ESM MICRO SERVICE PCERT"') -
SIGNWITH(CERTAUTH,MESMROOT) LABLCERT('MESM PCERT SELF-SIGNED') -
ALTNAME('DOMAIN=USILXXXX')

TSS ADD(ESMSVC31) KEYRING(MESMRING) TARG(=)

TSS ADD(ESMSVC31) KEYRING(MESMRING) RINGDATA(CERTAUTH,MESMROOT) -
USAGE(CERTAUTH) TARG(=)

TSS ADD(ESMSVC31) KEYRING(MESMRING) RINGDATA(CERTSITE,MESMPROD) -
USAGE(PERSONAL) DEFAULT TARG(=)

 

 

Signed Certificate with external root generated by TSS:

TSS GENCERT(CERTSITE) DIGICERT(TEMP) -
SUBJECTN('CN="ESM MICRO SERVICE PCERT"') -
LABLCERT('TEMP') -
ALTNAME('DOMAIN=USILXXXX')

TSS GENREQ(CERTSITE) DIGICERT(MESMPROD) DCDSN(datasename)

Send the certificate out to be signed.


TSS ADD(CERTAUTH) DIGICERT(MESMROOT) -
DCDSN(datasetname) LABLCERT(MESMROOT) TRUST

TSS ADD(CERTSITE) DIGICERT(MESMPROD) -
DCDSN(datasetname) -
LABLCERT('MESM PCERT SELF-SIGNED') TRUST


TSS ADD(ESMSVC31) KEYRING(MESMRING) TARG(=)

TSS ADD(ESMSVC31) KEYRING(MESMRING) RINGDATA(CERTAUTH,MESMROOT) -
USAGE(CERTAUTH) TARG(=)

TSS ADD(ESMSVC31) KEYRING(MESMRING) RINGDATA(CERTSITE,MESMPROD) -
USAGE(PERSONAL) DEFAULT TARG(=)

 

Self signed Certificate:


TSS GENCERT(CERTSITE) DIGICERT(MESMPROD) -
SUBJECTN('CN="ESM MICRO SERVICE PCERT"') -
LABLCERT('MESM PCERT SELF-SIGNED') -
ALTNAME('DOMAIN=USILXXXX')

TSS ADD(ESMSVC31) KEYRING(MESMRING) TARG(=)

TSS ADD(ESMSVC31) KEYRING(MESMRING) RINGDATA(CERTSITE,MESMPROD) -
USAGE(PERSONAL) DEFAULT TARG(=)