3rd party certificate has no private key in Top Secret
Article ID: 189983
Top SecretTop Secret - LDAPWEB ADMINISTRATOR FOR TOP SECRET
3rd party generated certificate added to Top Secret has no private key.
Release : 16.0
Component : CA Top Secret for z/OS
Certificate must be exported in a PKCS12 format in order for the private key to be present.
Other certificate formats like CERTDER, BASE64 and PKCS7 will only have the public key.
After uploading the certificate to a dataset, issue a TSS CHKCERT DCDSN(dataset) command. You should get an error message indicating that a password was not specified. If you dont get this error message, then the certificate is not a PKCS12 formatted certificate package because they require a password.
To specify a password issue TSS CHKCERT DCDSN(dataset) PKCSPASS(password).
The password will be needed to add the certificate to the security file via TSS ADD(owner) DIGICERT(digicertname) DCDSN(dataset) PKCSPASS(password).
Please keep the password in a safe place. It CANNOT be retrieved. A new PKCS12 certificate package will need to be created if the password is lost.