search cancel

Find If TSS Certificate From 'Download Server Certificate is being replaced' Critical Alert On System

book

Article ID: 238907

calendar_today

Updated On:

Products

Top Secret

Issue/Introduction

The Broadcom Support Portal has a Critical Alert for 'Download Server Certificate is being replaced'. How do you find if this digital certificate is in Top Secret?

Environment

Release : 16.0

Component : Top Secret for z/OS

Resolution

To check if this certificate is in Top Secret, run the Top Secret CERTUTIL report with the following:

USER(CERTAUTH) DETAIL FIELDS(EXPIRE,SERIAL,SUBJECT)

If you see a certificate with the following in the output, then that is the Intermediate certificate that needs to be replaced (using the instructions in article 238330):

User - CERTAUTH Digicert - certname    Signed by:  None - No Record Found     
          Serial #  -     01FDA3EB6ECA75C888438B724BCFBC91                    
          Subject DN -    CN=DigiCert SHA2 Secure Server CA.O=DigiCert Inc.C=U
                          S                                                   
          Expire Date     2023/03/08                                          

Sample jcl for the CERTUTIL utility can be found in member CERTUTIL in the Top Secret r16 CAKOJCL0 library. The CERTUTIL utility is documented here:

CERTUTIL Utility