TSS ADD(owner_acid) DIGICERT(digicertname) PKCSPASS(password) DCDSN(datasetname)
receives a:
TSS0942I INVALID CERTIFICATE DATA
TSS0942I
INVALID CERTIFICATE DATA
Reason:
An attempt was made to process the DCDSN (Digital Certificate data set) and
TSS detected invalid key information.
Action:
Issue the TSS command CHKCERT with the certificate data set (DCDSN) as input.
The CHKCERT will display some details about the certificate itself, and what
TSS ACID has it. Make sure the certificate specified in DCDSN is valid.
Release : 16.0
Component : Top Secret for z/OS
Certificate had a KEYSIZE of 4096.
Support for a certain KEYSIZE depends on the following:
1. Support by the operating system
2. Support by Top Secret
3. Support by the encryption type
Top Secret supports keysizes upto 4096. Older releases of z/OS doesnt support 4096.
Reducing the KEYSIZE of the certificate to 2048 will resolve the problem.