"CERTIFICATE WAS SIGNED BY:" not displayed on a :
TSS LIST(acid) DIGICERT(digicertname)
for a certificate added to the security file:
TSS ADD(owningacid) DIGICERT(digicertname) LABLCERT(certificatelable) DCDSN(datasetname)
Release : 16.0
If "CERTIFICATE WAS SIGNED BY:" is not displayed the signing certificate is not present on the Top Secret Security File.
To validate that the signer is NOT present on the Top Secret Security File.
The Issuer Distinguished Name tells us the signer of the certificate. Copy the signed certificate Issuer Distinguished Name.
TSS LIST(CERTAUTH) DATA(ALL)
to list out all the intermediate root and roots on the security file.
Do a find for the Issuer Distinguished Name previously copied from the signed certificate.
If Issuer Distinguished Name matches the Subject Distinguished Name of a intermediate root or root certificate, then the intermediate root or root is present on the security file.
If not found, then the intermediate root or root is NOT present on the security file and the missing "CERTIFICATE SIGNED BY" from the TSS LIST display of the certificate is valid.
Go back to the group/company that signed the certificates and:
1. Askfor the signer of the certificates so it can be added to the security file.
2. OR ask them to export the certificate to a PKCS12 package, which will include the signed certificate and all the signers. This is the preferred method. It will be easier for the group/company sending the signed certificate and you. They will only need to send you one file vs multiple files and you will only need ot handle one file.
When you TSS ADD the certificate PKCS12 package:
1. The signed certificate will be added to the security file using the DIGICERT name indicated on the TSS ADD command.
2. The signers of the certificate will be added to the security file using a DIGICERT name of AUTOnnnn.