search cancel

Sharing OPENSSL generated certificate

book

Article ID: 254246

calendar_today

Updated On:

Products

Top Secret

Issue/Introduction

Use the following steps to create a client certificate and would like to import the certificate in to Top Secret.

 

1. Generate a new client certificate(their own)

openssl req -config openssl.conf -newkey rsa:2048 -keyout clientcert.key -sha256 -nodes -out clientcert.csr -outform PEM

 

2. Sign CSR and add extensions

Sign CSR

openssl x509 -req -in clientcert.csr -extensions v3_ca -extfile ./ext_file.txt -CA localca.cer -CAkey localca.key -CAcreateserial -out clientcert.cer -days 500 -sha256 -outform PEM

 

3. Submit SBO ticket(or ask your admin) to connect the user with a certificate:

 

Connect Client

TSS ADDTO(itoaci) DIGICERT(ZWCCAP) LABLCERT('API ML Client certificate') DCDSN('AC892247.CLNT.CRT') TRUST

 

Submit the ticket to SBO

Submit SBO

please connect cert AC892247.CLNT.CRT to user itoaci command TSS ADDTO(itoaci) DIGICERT(ZWCCAP) LABLCERT('API ML Client certificate') DCDSN('AC892247.CLNT.CRT') TRUST

 

Environment

Release : 16.0

Resolution

To import the certificate into Top Secret, export the certificate in PKC12 format using openssl.

FTP/transfer the dataset to a dataset that is variable blocked with DSORG=PS.

Then issue a:

TSS ADD(owningacid) DIGICERT(digicertname) LABLCERT(lablcertname) DCDSN(datasetname) PKCSPASS(password)

to add the certificate to the Top Secret Security File.