Losing the private key after getting the signed certificate back from a 3rd party Certificate Authority.



Article ID: 17619


Products

Cleanup Datacom DATACOM - AD CIS COMMON SERVICES FOR Z/OS 90S SERVICES DATABASE MANAGEMENT SOLUTIONS FOR DB2 FOR Z/OS COMMON PRODUCT SERVICES COMPONENT Common Services CA ECOMETER SERVER COMPONENT FOC Easytrieve Report Generator for Common Services INFOCAI MAINTENANCE IPC UNICENTER JCLCHECK COMMON COMPONENT Mainframe VM Product Manager CHORUS SOFTWARE MANAGER CA ON DEMAND PORTAL CA Service Desk Manager - Unified Self Service PAM CLIENT FOR LINUX ON MAINFRAME MAINFRAME CONNECTOR FOR LINUX ON MAINFRAME GRAPHICAL MANAGEMENT INTERFACE WEB ADMINISTRATOR FOR TOP SECRET Xpertware Top Secret Top Secret - LDAP Top Secret - VSE

Issue/Introduction

Description:

A certificate signing request was generated with the TSS GENREQ command so that the certificate could be signed by a 3rd party Certificate Authority such as Verisign.

When the signed certificate is returned from the 3rd party Certificate Authority (i.e. Verisign) and added back to the CA Top Secret Security File, a TSS LIST of the certificate shows that the private key is lost: the private key size no longer appears in the TSS LIST display, which indicates that no private key is associated with the certificate.

Solution:

When adding the signed certificate back to the CA Top Secret Security File, it must be added to the original owning acid (the acid that issued the GENREQ) under a new DIGICERT name:


   TSS ADD(original_owning_acid) DIGICERT(new_digicertname) DCDSN(signed.certificate.datasetname) TRUST

When you TSS GENREQ a certificate on the CA Top Secret Security File to be signed by a 3rd party Certificate Authority, the private key and the public key are separated.

The private key stays on the CA Top Secret Security File, associated with the original DIGICERT record of the owning acid.

The certificate signing request, which carries the public key and the subject name, is written to a data set. That data set is what you send to the 3rd party Certificate Authority to be signed; the private key never leaves the Security File.

Once the certificate is signed and returned to you, it must be added back to the original owning acid so that CA Top Secret can match the public key in the signed certificate with the private key it already holds and re-unite the two.

If the signed certificate is added to a different acid, CA Top Secret has no private key on that acid to match it with, and the private key cannot be re-united with the public key. A certificate without a private key cannot be used as a server or client identity; it can only serve as a trusted certificate.

The private key is also lost if you delete the original (unsigned) certificate before adding the signed one, because the private key is stored with that original DIGICERT record. Adding the signed certificate under a new DIGICERT name lets the original remain in place until the signed copy has been verified. Do not delete the original certificate until the newly signed certificate has been successfully added to the CA Top Secret Security File and a TSS LIST of the new certificate shows a private key size.

Once the signed certificate has been added back to the CA Top Secret Security File successfully and the private key size is displayed, the original unsigned certificate can be deleted.
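The complete command sequence for the procedure described above, as an added example that is not part of the original article. The acid SRVACID, the DIGICERT names SRVCERT and SRVCERT2, the data set names and the subject name are assumed placeholders; the GENCERT keywords (SUBJECTN, LABLCERT, KEYSIZE) should be checked against the Command Functions Guide for your release before use.

```text
Step 1 - Create the certificate and its key pair under the owning acid.
         The private key is stored in the Security File with this DIGICERT record.
TSS GENCERT(SRVACID) DIGICERT(SRVCERT) SUBJECTN('CN="www.example.com" OU="IT" O="Example" C="US"') LABLCERT(WWWEXAMPLE) KEYSIZE(2048)

Step 2 - Write the certificate signing request (public key and subject name) to a
         data set and send that data set to the 3rd party Certificate Authority.
         The private key stays on the Security File.
TSS GENREQ(SRVACID) DIGICERT(SRVCERT) DCDSN(SRVACID.WWW.CSR)

Step 3 - When the signed certificate comes back, add it to the SAME acid under a
         NEW DIGICERT name. Do not remove SRVCERT yet.
TSS ADD(SRVACID) DIGICERT(SRVCERT2) DCDSN(SRVACID.WWW.SIGNED) TRUST

Step 4 - Confirm the private key was re-united: the LIST output for SRVCERT2
         must show a private key size. If it does not, the certificate was added
         to the wrong acid or the original record is already gone.
TSS LIST(SRVACID) DIGICERT(SRVCERT2)

Step 5 - Only after step 4 shows a private key size, remove the original
         unsigned certificate.
TSS REMOVE(SRVACID) DIGICERT(SRVCERT)
```

The order of steps 3 through 5 is the whole point: the new DIGICERT name keeps the original record (and with it the private key) alive until the signed certificate has been verified, and the LIST in step 4 is the check that tells you whether it is safe to proceed.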

Environment

Release:
Component: AWAGNT