Adding A Certificate Sets It To NOTRUST In Top Secret

Article ID: 15182

Products

Top Secret, Top Secret - LDAP

Issue/Introduction

When adding a certificate to Top Secret, it is set to NOTRUST and a message is issued saying signer not found even though the signing certificate appears to be in Top Secret. Why is this happening?

Environment

z/OS

Resolution

If a certificate is being added to the security file or signed by another certificate and the signing certificate is not already on the security file, it will be added to the security file with NOTRUST.

If the signer certificate is on the security file, the certificate will be added with the TRUST status. 

The message is NOT an error message. It is just an informational message telling the user that the signing certificate is missing from the security file and needs to be added.

Changing it to TRUST is the appropriate action:

TSS REPLACE(acid) DIGICERT(certname) TRUST

When listing the certificate (TSS LIST(acid) DIGICERT(certname)), if the subject distinguished name and issuer distinguished name don't match, then it is a signed certificate. Look for a 'SIGNED BY'. If it is missing, the signing certificate is not on the security file.