TSS0472E INVALID PRIVATE KEY SIZE With TSS GENCERT KEYSIZE(4096)

Article ID: 193173


Products

Top Secret
Top Secret - LDAP WEB ADMINISTRATOR FOR TOP SECRET

Issue/Introduction

The command:

TSS GENCERT(CERTSITE) DIGICERT(CEMCERT) SIGNWITH(CERTAUTH,SYS5TSS) SUBJECTN('C=US, O=CA, CN=xxx.xxx.xxx.net') 
          KEYUSAGE('xxxxxxx') KEYSIZE(4096)

Receives:

TSS0472E INVALID PRIVATE KEY SIZE

Environment

Release : 16.0

Component : CA Top Secret for z/OS

Resolution

KEYSIZE 4096 is supported by certain key types, which are listed in the manual.

The signing certificate also needs to have a key size of 4096. If the key size of the signing certificate is not 4096, you will need to either use an existing signing certificate that has a key size of 4096 or create a new one.