Sharing OPENSSL generated certificate
Article ID: 254246
Updated On:
Products
Issue/Introduction
Use the following steps to create a client certificate and would like to import the certificate in to Top Secret.
1. Generate a new client certificate(their own)
|
openssl req -config openssl.conf -newkey rsa:2048 -keyout clientcert.key -sha256 -nodes -out clientcert.csr -outform PEM |
2. Sign CSR and add extensions
Sign CSR
|
openssl x509 -req -in clientcert.csr -extensions v3_ca -extfile ./ext_file.txt -CA localca.cer -CAkey localca.key -CAcreateserial -out clientcert.cer -days 500 -sha256 -outform PEM |
3. Submit SBO ticket(or ask your admin) to connect the user with a certificate:
Connect Client
|
TSS ADDTO(itoaci) DIGICERT(ZWCCAP) LABLCERT('API ML Client certificate') DCDSN('AC892247.CLNT.CRT') TRUST |
Submit the ticket to SBO
Submit SBO
|
please connect cert AC892247.CLNT.CRT to user itoaci command TSS ADDTO(itoaci) DIGICERT(ZWCCAP) LABLCERT('API ML Client certificate') DCDSN('AC892247.CLNT.CRT') TRUST |
Environment
Release : 16.0
Resolution
To import the certificate into Top Secret, export the certificate in PKC12 format using openssl.
FTP/transfer the dataset to a dataset that is variable blocked with DSORG=PS.
Then issue a:
TSS ADD(owningacid) DIGICERT(digicertname) LABLCERT(lablcertname) DCDSN(datasetname) PKCSPASS(password)
to add the certificate to the Top Secret Security File.
Feedback
