ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

Find If Using TSS Certificate In 'Download Server Certificate is being replaced' Critical Alert

book

Article ID: 238907

calendar_today

Updated On:

Products

Top Secret

Issue/Introduction

The Broadcom Support Portal has a Critical Alert for 'Download Server Certificate is being replaced'. How do you find if you are currently using that digital certificate in Top Secret?

Environment

Release : 16.0

Component : Top Secret for z/OS

Resolution

To check if you are currently using this certificate, run the Top Secret CERTUTIL report with the following:

USER(CERTAUTH) DETAIL FIELDS(EXPIRE,SERIAL,SUBJECT)

If you see a certificate with the following in the output, then that is the Intermediate certificate that needs to be replaced (using the instructions in article 238330):

User - CERTAUTH Digicert - certname    Signed by:  None - No Record Found     
          Serial #  -     01FDA3EB6ECA75C888438B724BCFBC91                    
          Subject DN -    CN=DigiCert SHA2 Secure Server CA.O=DigiCert Inc.C=U
                          S                                                   
          Expire Date     2023/03/08                                          

Sample jcl for the CERTUTIL utility can be found in member CERTUTIL in the Top Secret r16 CAKOJCL0 library. The CERTUTIL utility is documented here:

CERTUTIL Utility