How to tell if a digital certificate was generated by CA Top Secret?
Is there a way to tell if a digital certificate was created by CA Top Secret?
TSS adds an extension to the certificate telling that CA SAF genned this cert.
Inorder to see this the client needs to run the CA Top Secret SAF cert utility.
//SAFRPTCR EXEC PGM=SAFCRRPT,REGION=0M,PARM=''
//SYSUDUMP DD SYSOUT=*
//SYSPRINT DD SYSOUT=*
//SYSIN DD *
RECORDID(-) detail ext
Then find the cert in question and look at the extension section. If CA SAF genned the cert, one
will, see this:
Extensions X509v3 Key Usage
CERTSIGN (06)
X509v3 Basic Constraints
SubjectType=cA
Netscape Comment
>>>>> Generated by CA SAF Certificate Management Facility <<<<<<<<