Can Multiple Unused "Certsign" Digital Certificates Be Removed From The Top Secret Security File?
Article ID: 25553
Updated On:
Products
Cleanup
WEB ADMINISTRATOR FOR TOP SECRET
Top Secret
Top Secret - LDAP
Issue/Introduction
If there are multiple "certsign" Digital Certificates keys that are not being used, can they be removed from the CA Top Secret Security File?
Digital Certificates with KEYUSAGE(CERTSIGN) inidicate the certificate is used to sign other certificates.
Environment
Release:
Component: AWAGNT
Component: AWAGNT
Resolution
Yes. The digital certificate can be deleted if it truly is not being used.
Issue a:
TSS LIST(owningacid) SEGMENT(CERTDATA)
to determine if the certificate is being used on any keyring. If not, it may be deleted.
Issue a:
TSS LIST(owningacid) SEGMENT(CERTDATA)
to determine if the certificate is being used on any keyring. If not, it may be deleted.
Additional Information
For more details about KEYUSAGE(CERTSIGN), see the following link:
KEYUSAGE—Specify Key Usage Extension
Feedback
Yes
No
Powered by
