search cancel

Replacing an Expiring Certificate Signed by a Local CA

book

Article ID: 18142

calendar_today

Updated On:

Products

Cleanup Datacom DATACOM - AD CIS COMMON SERVICES FOR Z/OS 90S SERVICES DATABASE MANAGEMENT SOLUTIONS FOR DB2 FOR Z/OS COMMON PRODUCT SERVICES COMPONENT Common Services CA ECOMETER SERVER COMPONENT FOC EASYTRIEVE REPORT GENERATOR FOR COMMON SERVICES INFOCAI MAINTENANCE IPC UNICENTER JCLCHECK COMMON COMPONENT Mainframe VM Product Manager CHORUS SOFTWARE MANAGER CA ON DEMAND PORTAL CA Service Desk Manager - Unified Self Service PAM CLIENT FOR LINUX ON MAINFRAME MAINFRAME CONNECTOR FOR LINUX ON MAINFRAME GRAPHICAL MANAGEMENT INTERFACE WEB ADMINISTRATOR FOR TOP SECRET Xpertware Top Secret Top Secret - LDAP Top Secret - VSE

Issue/Introduction

Description:

The steps to take to extend the dates on a certificate vary depending on where the certificate was generated and how it was signed.

If the Certificate was generated on site and signed by a local CA, meaning a CA certificate also generated on site, then the following steps can be taken to extend the date.

Solution:

**Step one insures that if any mistakes are made that the original certificate

can be obtained and put back into place**

  1. Backup the certificate about to expire.

    TSS EXPORT(usera) DIGICERT(SERVER) DCDSN(usera.SERVER.P12)
    PKCSPASS(password) FORMAT(PKCS12DER)

  2. GENREQ the certificate to a dataset.

    TSS GENREQ(usera) DIGICERT(SERVER) DCDSN(usera.SERVER.P10)

  3. Generate a new temporary certificate with a new NADATE and sign it with the expiring certificate.

    TSS GENCERT(usera) DIGICERT(TEMP) DCDSN(usera.SERVER.P10) NADATE(02/01/24)
    SIGNWITH(usera,SERVER)

  4. Export the certificate to a dataset:

    TSS EXPORT(usera) DIGICERT(TEMP) DCDSN(usera.TEMP.DER) FORMAT(CERTDER)

  5. Remove the temporary certificate.

    TSS REMOVE(usera) DIGICERT(TEMP)

  6. Replace the expiring certificate with the new certificate that has a new expiration date.

    TSS REP(usera) DIGICERT(SERVER) DCDSN(usera.TEMP.DER) TRUST

  7. Recycle any address space(s) that reference a keyring with the new certificate.

Environment

Release: TOPSEC00200-15-Top Secret-Security
Component: