Regarding the TSS REKEY and ROLLOVER knowledge document.
Q1: Does this knowledge document apply Top Secret r16 ?
Q2: Why is steps 3,4,5 - necessary?
Wouldnt it be easier to do the following:
Release : 16.0
Component : CA Top Secret for z/OS
Question 1: Answer:
The TSS REKEY and TSS ROLLOVER allows you to renew a TSS generated certificate and then propagate it to all the keyrings. If there are 10,000 keyrings, it saves the effort of updating 10,000 keyrings manually with the renewed certificate. The knowledge document or the TSS ROLLOVER will propagate the certificate to all they keyrings.
If running r16, it would be easier to use REKEY/ROLLOVER then using the long manual method.
Question 2: Answer:
Both methods are valid to renew the certificate.
The following steps would be less commands to execute:
But in the knowledge document, the TEMP certificate allows to have a backup of the certificate to fall back to if there is a problem that occurs with the TSS REPLACE command for whatever reason.