Alert Central requires the key pair certificate to have the Extended Key Usage extension with the Client Authentication flag.
Is there a way to add such extension to a private key certificate via Top Secret?
Release : 16.0
Top Secret cannot generate a certificate with Extended Key Usage Extension.
1. Generate a key pair certificate using a 3rd party certificate utility such as openssl and have it signed by your 3rd Party Certificate Authority.
2. Download the signed certificate files from your 3rd Party Certificate Authority such as
3. Transfer/FTP the certificate to a variable blocked DSORG=PS mainframe dataset
4. Add the client certificate and its 3rd Party signing certificates to the Top Secret Security File
5. Find the auto assigned 3rd Party Root DIGICERT names
TSS LIST(CERTSITE) DIGICERT(ABCCERTS) CHAIN
to determine the auto assigned DIGICERT AUTOnnnn name(s)
6. Create keyring
TSS ADD(ABCSRVR) KEYRING(ABCRING)
7. Add certificate and 3rd party signers to the keyring
TSS ADD(ABCSRVR) KEYRING(ABCRING) RINGDATA(CERTSITE,ABCCERTS) USAGE(PERSONAL) DEFAULT
TSS ADD(ABCSRVR) KEYRING(ABCRING) RINGDATA(CERTAUTH,AUTOnnnn) USAGE(CERTAUTH) <---repeat if more than one 3rd party certificate in the root chain.
8. Authorize the started task ACID to use digital certificates
TSS PERMIT(ABCSRVR) IBMFAC(IRR.DIGTCERT.LIST) ACCESS(CONTROL)
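
For step 1, an added example (not part of the original article or the vendor's own procedure) of requesting the Client Authentication EKU with openssl and confirming that the signed certificate actually carries it before it is transferred to the mainframe. The subject name, the file names and the local throwaway CA standing in for your 3rd Party Certificate Authority are assumptions made for the example.

```shell
#!/bin/sh
# Added example. Subject name, file names and the local test CA are constructed
# placeholders; the real certificate is signed by your 3rd party CA.
set -eu

# Request config asking for the Client Authentication EKU (clientAuth).
write_req_config() {  # $1 = config path to write
  cat > "$1" <<'EOF'
[ req ]
distinguished_name = dn
req_extensions     = v3_client
prompt             = no
[ dn ]
CN = abcsrvr.example.com
[ v3_client ]
extendedKeyUsage = clientAuth
[ v3_ca ]
basicConstraints = critical, CA:TRUE
EOF
}

# Generate an RSA key pair and a CSR that carries the EKU request.
make_csr() {  # $1 = config, $2 = key out, $3 = CSR out
  openssl req -new -newkey rsa:2048 -nodes -config "$1" -keyout "$2" -out "$3"
}

# Stand-in for the 3rd party CA. A CSR extension is only a request: the CA
# decides what it issues, so the EKU is set again here at signing time.
sign_with_test_ca() {  # $1 = CSR, $2 = config, $3 = cert out, $4 = work dir
  openssl req -x509 -newkey rsa:2048 -nodes -config "$2" -extensions v3_ca \
    -subj '/CN=Constructed Test CA' -days 1 -keyout "$4/ca.key" -out "$4/ca.pem"
  openssl x509 -req -in "$1" -CA "$4/ca.pem" -CAkey "$4/ca.key" -CAcreateserial \
    -days 1 -extfile "$2" -extensions v3_client -out "$3"
}

# Succeeds only if the PEM certificate in $1 carries the Client Authentication EKU.
has_client_auth_eku() {
  openssl x509 -in "$1" -noout -text | grep -q 'TLS Web Client Authentication'
}

work=$(mktemp -d)
write_req_config "$work/req.cnf"
make_csr "$work/req.cnf" "$work/client.key" "$work/client.csr"
sign_with_test_ca "$work/client.csr" "$work/req.cnf" "$work/client.pem" "$work"
has_client_auth_eku "$work/client.pem" && echo "clientAuth EKU present in signed certificate"
```

Run has_client_auth_eku against the certificate returned by the real CA as well, since a CA may issue without the extension even when the CSR requested it.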