search cancel

3rd party certificate has no private key in Top Secret

book

Article ID: 189983

calendar_today

Updated On:

Products

Top Secret Top Secret - LDAP WEB ADMINISTRATOR FOR TOP SECRET

Issue/Introduction

3rd party generated certificate added to Top Secret has no private key.

Environment

Release : 16.0

Component : CA Top Secret for z/OS

Resolution

Certificate must be exported in a PKCS12 format in order for the private key to be present.

Other certificate formats like CERTDER, BASE64 and  PKCS7 will only have the public key.

After uploading the certificate to a dataset, issue a TSS CHKCERT DCDSN(dataset) command. You should get an error message indicating that a password was not specified. If you dont get this error message, then the certificate is not a PKCS12 formatted certificate package because they require a password.

To specify a password issue TSS CHKCERT DCDSN(dataset) PKCSPASS(password).

The password will be needed to add the certificate to the security file via TSS ADD(owner) DIGICERT(digicertname) DCDSN(dataset) PKCSPASS(password).

Please keep the password in a safe place. It CANNOT be retrieved. A new PKCS12 certificate package will need to be created if the password is lost.