TSS ADD digital certificate receives TSS0942I
search cancel

TSS ADD digital certificate receives TSS0942I

book

Article ID: 236424

calendar_today

Updated On:

Products

Top Secret

Issue/Introduction

TSS ADD(owner_acid) DIGICERT(digicertname) PKCSPASS(password) DCDSN(datasetname)

receives a:

TSS0942I INVALID CERTIFICATE DATA

 

TSS0942I

  INVALID CERTIFICATE DATA

  Reason:

  An attempt was made to process the DCDSN (Digital Certificate data set) and
  TSS detected invalid key information.

  Action:

  Issue the TSS command CHKCERT with the certificate data set (DCDSN) as input.
  The CHKCERT will display some details about the certificate itself, and what
  TSS ACID has it. Make sure the certificate specified in DCDSN is valid.

Environment

Release : 16.0

Component : Top Secret for z/OS

Resolution

Certificate had a KEYSIZE of 4096.

Support for a certain KEYSIZE depends on the following:

1. Support by the operating system

2. Support by Top Secret

3. Support by the encryption type

Top Secret supports keysizes upto 4096. Older releases of z/OS doesnt support 4096.

Reducing the KEYSIZE of the certificate to 2048 will resolve the problem.