
Order of certificates in a Certificate Package added in Top Secret


Article ID: 225686


Products

Top Secret

Issue/Introduction

Adding a certificate package received from a Certificate Authority.
Is there a way to issue the TSS ADD command to CERTAUTH so the signer certificates get added first followed by the personal certificate?

Environment

Release : 16.0


Resolution

The "PKCS 7 and PKCS12 Processing" section of the Top Secret documentation describes the order in which certificates from a certificate package are added to the Security File by the command:

TSS ADD(owning_acid) DIGICERT(digicertname) DCDSN(datasetname) PKCSPASS(password)

The order cannot be changed.

Note: If the certificates were generated in Top Secret and sent out to be signed, then when adding the signed version of the certificate, 'owning_acid' should be the same owning ACID as that of the original unsigned version of the certificate that was created in Top Secret.

If a name other than the auto-generated names (AUTOnnnn) is preferred for the root certificates in the certificate package, use TSS EXPORT to export the certificate to a dataset, delete it from the Security File, and re-add it with the desired name.

Example:

TSS EXPORT(CERTAUTH) DIGICERT(AUTOnnnn) DCDSN(dataset_name)
TSS REMOVE(CERTAUTH) DIGICERT(AUTOnnnn)
TSS ADD(CERTAUTH) DIGICERT(desired_name) DCDSN(dataset_name) LABLCERT(desired_certificate_label_name) TRUST