3rd party certificate has no private key in Top Secret
Article ID: 189983
Updated On:
Products
Top Secret
Top Secret - LDAP
WEB ADMINISTRATOR FOR TOP SECRET
Issue/Introduction
3rd party generated certificate added to Top Secret has no private key.
Environment
Release : 16.0
Component : CA Top Secret for z/OS
Resolution
Certificate must be exported in a PKCS12 format in order for the private key to be present.
Other certificate formats like CERTDER, BASE64 and PKCS7 will only have the public key.
After uploading the certificate to a dataset, issue a TSS CHKCERT DCDSN(dataset) command. You should get an error message indicating that a password was not specified. If you dont get this error message, then the certificate is not a PKCS12 formatted certificate package because they require a password.
To specify a password issue TSS CHKCERT DCDSN(dataset) PKCSPASS(password).
The password will be needed to add the certificate to the security file via TSS ADD(owner) DIGICERT(digicertname) DCDSN(dataset) PKCSPASS(password).
Please keep the password in a safe place. It CANNOT be retrieved. A new PKCS12 certificate package will need to be created if the password is lost.
Other certificate formats like CERTDER, BASE64 and PKCS7 will only have the public key.
After uploading the certificate to a dataset, issue a TSS CHKCERT DCDSN(dataset) command. You should get an error message indicating that a password was not specified. If you dont get this error message, then the certificate is not a PKCS12 formatted certificate package because they require a password.
To specify a password issue TSS CHKCERT DCDSN(dataset) PKCSPASS(password).
The password will be needed to add the certificate to the security file via TSS ADD(owner) DIGICERT(digicertname) DCDSN(dataset) PKCSPASS(password).
Please keep the password in a safe place. It CANNOT be retrieved. A new PKCS12 certificate package will need to be created if the password is lost.
Feedback
Yes
No
Powered by
