TSS GENCERT with the SIGNWITH keyword does three things:
- Generates a certificate for the target ACID
- Signs that certificate with the private key of the certificate named in the SIGNWITH keyword (the root/signing certificate)
- Creates a certificate chain: the Issuer Distinguished Name of the generated certificate matches the Subject Distinguished Name of the root/signing certificate
- To display the complete certificate chain:
TSS LIST(owning_acid) DIGICERT(digicert_name) CHAIN
- Using a certificate chain is the industry standard and good security practice: relying parties need to trust only the root certificate, and individual certificates can be replaced without distributing a new trust anchor.
TSS GENCERT without SIGNWITH creates a self-signed certificate:
- Issuer Distinguished Name and Subject Distinguished Name are the same (the certificate is signed with its own private key)
- Not part of a certificate chain; it is standalone
- Not recommended security practice for client or server certificates: every relying party must trust each such certificate individually, and there is no signing certificate to validate it against. The one legitimate self-signed certificate is the root/signing certificate itself, which is the trust anchor for the chain.
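The following is an added example, not part of the original page and not CA Top Secret's own tooling: because TSS GENCERT runs only on z/OS, it reproduces the same Issuer/Subject relationship with the openssl command line so the two cases above (signed with a root certificate, and standalone self-signed) can be inspected anywhere. It assumes `openssl` 1.1.1 or later is on PATH; every name, DN and file path below is made up for illustration.

```shell
#!/bin/sh
# Added example (not from the page): the issuer/subject relationship that
# TSS GENCERT ... SIGNWITH produces, reproduced with the openssl CLI.
# Assumes openssl 1.1.1+ on PATH; all DNs and file names are made up.
set -e

WORK="${WORK:-$(mktemp -d)}"

# Build three certificates: a self-signed root (plays the SIGNWITH certificate),
# a client certificate signed by that root, and a standalone self-signed one.
build_certs() {
    # Root CA: self-signed by design; this is the trust anchor.
    openssl req -x509 -newkey rsa:2048 -nodes -days 3650 \
        -subj "/CN=Example Root CA/O=Example/C=US" \
        -keyout "$WORK/root.key" -out "$WORK/root.pem" 2>/dev/null

    # Client certificate: key + CSR, then signed with the root's private key
    # (the equivalent of GENCERT with SIGNWITH).
    openssl req -new -newkey rsa:2048 -nodes \
        -subj "/CN=client01.example.com/O=Example/C=US" \
        -keyout "$WORK/client.key" -out "$WORK/client.csr" 2>/dev/null
    openssl x509 -req -days 365 -in "$WORK/client.csr" \
        -CA "$WORK/root.pem" -CAkey "$WORK/root.key" -CAcreateserial \
        -out "$WORK/client.pem" 2>/dev/null

    # Standalone self-signed certificate (the equivalent of GENCERT without SIGNWITH).
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
        -subj "/CN=standalone.example.com/O=Example/C=US" \
        -keyout "$WORK/self.key" -out "$WORK/self.pem" 2>/dev/null
}

# Subject and issuer DNs as one-line strings (same openssl formats both sides).
subject_of() { openssl x509 -in "$1" -noout -subject | sed 's/^subject=//'; }
issuer_of()  { openssl x509 -in "$1" -noout -issuer  | sed 's/^issuer=//'; }

# classify CERT SIGNER: "standalone" when Issuer DN == own Subject DN,
# "chained" when Issuer DN == the signer's Subject DN, else "unknown-issuer".
classify() {
    if [ "$(issuer_of "$1")" = "$(subject_of "$1")" ]; then
        echo standalone
    elif [ "$(issuer_of "$1")" = "$(subject_of "$2")" ]; then
        echo chained
    else
        echo unknown-issuer
    fi
}

# verify_against_root CERT ROOT: "ok" if the chain validates to ROOT, else "fail".
verify_against_root() {
    if openssl verify -CAfile "$2" "$1" >/dev/null 2>&1; then echo ok; else echo fail; fi
}

# Usage: sh chain_demo.sh run
if [ "${1:-}" = run ]; then
    build_certs
    for c in root client self; do
        printf '%s: %s, verify=%s\n' "$c" \
            "$(classify "$WORK/$c.pem" "$WORK/root.pem")" \
            "$(verify_against_root "$WORK/$c.pem" "$WORK/root.pem")"
    done
fi
```

Running it with `run` reports the client certificate as chained and verifiable against the root, the standalone certificate as self-signed and failing verification, and the root itself as self-signed but verifiable, which is exactly the case TSS LIST ... CHAIN lets you confirm on the host: the only acceptable self-signed certificate in a deployment is the trust anchor.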