ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

Sharing Certificates in Top Secret

book

Article ID: 188115

calendar_today

Updated On:

Products

Top Secret Top Secret - LDAP WEB ADMINISTRATOR FOR TOP SECRET

Issue/Introduction

How can a certificate be shared on multiple keyrings?

Environment

Release : 15.0

Component : CA Top Secret for z/OS

Resolution

Certificates owned by Certauth and Certsite can be shared on a keyring with the following permits given to the acid that owns the keyring:
IBMFAC(IRR.DIGTCERT.LIST) ACCESS(CONTROL)
IBMFAC(IRR.DIGTCERT.LISTRING) ACCESS(CONTROL)

Certificates owned by another acid can be shared on a keyring with the above permits given to the acid that owns the keyring; and, a permit to the Rdatalib class is needed to view a private key.
TSS PERMIT(user1)  RDATALIB(user1.user1keyring) ACCESS(UPDATE)

Note:
You may have to define the RDATALIB Resclass to the RDT:
TSS ADD(RDT) RESCLASS(RDATALIB) ATTR(LONG,MASK) ACLST(NONE=0000,CONTROL=6400,UPDATE=6000,READ=4000,ALL=FFFF)

You will have to define each resource as well:
TSS ADD(dept) RDATALIB(user1.)

Then you can issue the permit:
TSS PERMIT(user1)  RDATALIB(user1.user1keyring) ACCESS(UPDATE)