search cancel

Certificate Signed by another Application's Certificate in Top Secret

book

Article ID: 255788

calendar_today

Updated On:

Products

Top Secret

Issue/Introduction

Created a new certificate for the TN3270 software and sent it to be signed by the CA (Certificate Authority).  After getting the certificate back it showed the certificate was signed by another certificate that is used for different application.

In listing the newly signed certificate it shows:  

CERTIFICATE WAS SIGNED BY:  ACID(CERTAUTH) DIGICERT(IZZEINTD)
 
Certificate IZZEINTD is used for the IZZE application.

Environment

Release: Top Secret 16.0

Resolution

When a certificate is created and then a Genreq is issued to create a CSR(Certificate Signing Request), the CSR is sent to the CA (Certificate Authority) to be signed.
The CA will sign the certificate and send it back.  Many times a CA will use an intermediate or Root certificate that it knows the site already has in its possession.  Root and Intermediate certificates can sign many other certificates and are not limited to being used in just one application.  This is very common.  The entire signing chain should be on the keyring.  CA certificates can be on many keyrings.