TELNET Signed Certificate Setup with CA TOP SECRET as the Certificate Authority
Article ID: 26786

Updated On:

Products

Top Secret

Issue/Introduction

 This document describes how to set up digital certificates that are generated by CA TOP SECRET and signed by a CA TOP SECRET Certificate Authority (CA) for use with TELNET.

Resolution

NOTE:
The following are example commands and may vary depending on your site's naming conventions and environment. Please adjust the sample commands accordingly.

  1. Generate a Certificate Authority certificate with the TSS GENCERT command.
    Example:

    TSS GENCERT(CERTAUTH) DIGICERT(TSSCA) -
    SUBJECTN('O="COMPANYA" CN=" TSS CA" -
    OU="SYSTEMSDEPT" C="US" ') -
    LABLCERT('TSSCA') KEYUSAGE(CERTSIGN)


    • TSSCA is the digital certificate name in Top Secret.
    • The LABLCERT is 'TSSCA'.
    • Modify the SUBJECTN to your site standards.


  2. Generate a certificate for the TCP started task with the TSS GENCERT command, signed by the Top Secret generated Certificate Authority 'TSSCA':

    Example:

    TSS GENCERT(TCP) DIGICERT(TCPCERTS) -
    SUBJECTN('O="COMPANYA" CN=" TCP cert" -
    OU="SYSTEMSDEPT" C="US" ') -
    LABLCERT('TCPCERTS') SIGNWITH(CERTAUTH,TSSCA)


    • In this example, TCP is the region acid.
    • TCPCERTS is the digital certificate name in Top Secret.
    • The LABLCERT is 'TCPCERTS'.
    • Modify the SUBJECTN to your site standards.


  3. Create the TCP KEYRING with the TSS ADD command.

    Example:

    TSS ADD(TCP) KEYRING(TCPRING) -
    LABLRING('TCPRING')


  4. Add the certificate to the KEYRING with the TSS ADD command.

    Example:

    TSS ADD(TCP) KEYRING(TCPRING) -
    RINGDATA(TCP,TCPCERTS) USAGE(PERSONAL) DEFAULT


  5. Export the certificate to a dataset with the TSS EXPORT command.

    Example:

    TSS EXPORT(TCP) DIGICERT(TCPCERTS) -
    DCDSN('TCP.SIGNED.CERT') LABLCERT(TCPCERTS)


  6. Send the certificate dataset to the client.

  7. Specify the TCP KEYRING to use with the KEYRING parameter in the TCP/IP profile.

    Example:

    "KEYRING SAF TCPRING"

  8. Add the Certificate Authority to TCP KEYRING with the TSS ADD command.

    Example:

    TSS ADD(TCP) KEYRING(TCPRING) -
    RINGDATA(CERTAUTH,TSSCA) USAGE(CERTAUTH)

    • USAGE(CERTAUTH) must be specified.


  9. Permit the region acid (TCP in this example) to the SSL KEYRING, certificates and mappings with the TSS PERMIT command:

    TSS PER(TCP) IBMFAC(IRR.DIGTCERT.GENCERT) ACC(UPDATE)
    TSS PER(TCP) IBMFAC(IRR.DIGTCERT.LISTRING) ACC(UPDATE)
    TSS PER(TCP) IBMFAC(IRR.DIGTCERT.LIST) ACC(UPDATE)

Note: If acid CERTSITE is the owner of the certificate, ACC(CONTROL) needs to be specified instead of ACC(UPDATE).
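
A pre-flight check for the command sequence in steps 1-4 and 8, added here as an example (it is not Broadcom's or the product's code): it joins continuation lines and confirms that every signer is generated before it is used, that CERTAUTH certificates are connected with USAGE(CERTAUTH), and that each keyring holds the CA that signed its certificates. The function names and the deck text are assumptions constructed from the commands above; it checks only these rules, not full TSS syntax.

```python
import re

# Constructed input: the commands from steps 1-4 and 8 above, written as one deck.
DECK = """
TSS GENCERT(CERTAUTH) DIGICERT(TSSCA) LABLCERT('TSSCA') KEYUSAGE(CERTSIGN) -
  SUBJECTN('O="COMPANYA" CN="TSS CA" OU="SYSTEMSDEPT" C="US"')
TSS GENCERT(TCP) DIGICERT(TCPCERTS) LABLCERT('TCPCERTS') -
  SUBJECTN('O="COMPANYA" CN="TCP cert" OU="SYSTEMSDEPT" C="US"') -
  SIGNWITH(CERTAUTH,TSSCA)
TSS ADD(TCP) KEYRING(TCPRING) LABLRING('TCPRING')
TSS ADD(TCP) KEYRING(TCPRING) RINGDATA(TCP,TCPCERTS) USAGE(PERSONAL) DEFAULT
TSS ADD(TCP) KEYRING(TCPRING) RINGDATA(CERTAUTH,TSSCA) USAGE(CERTAUTH)
"""

def commands(deck):
    """Join lines ending in the continuation character '-' into whole commands."""
    joined = re.sub(r"[ \t]*-[ \t]*\n\s*", " ", deck.strip() + "\n")
    return [c.strip() for c in joined.splitlines() if c.strip()]

def operand(cmd, key):
    """Values inside KEY(...) as a tuple, or None when the operand is absent."""
    m = re.search(r"\b" + key + r"\(([^)]*)\)", cmd)
    return tuple(v.strip(" '") for v in m.group(1).split(",")) if m else None

def lint(deck):
    """Return a list of findings; an empty list means the deck passed every check."""
    dangling = deck.rstrip().endswith("-")
    found = ["deck ends on a continuation character '-'"] if dangling else []
    signer, rings = {}, {}  # certificate -> its signer, keyring -> connected certificates
    for cmd in commands(deck):
        ring, data = operand(cmd, "KEYRING"), operand(cmd, "RINGDATA")
        if operand(cmd, "GENCERT"):
            cert = operand(cmd, "GENCERT") + (operand(cmd, "DIGICERT") or ("?",))
            by = operand(cmd, "SIGNWITH")
            if by and by not in signer:
                found.append("%s,%s: signer %s,%s is not generated earlier in the deck" % (cert + by))
            signer[cert] = by
        elif ring and data:
            if data not in signer:
                found.append("%s,%s: connected to a ring but never generated" % data)
            if data[0] == "CERTAUTH" and operand(cmd, "USAGE") != ("CERTAUTH",):
                found.append("%s,%s: CERTAUTH certificate connected without USAGE(CERTAUTH)" % data)
            rings.setdefault(operand(cmd, "ADD") + ring, set()).add(data)
    for name, certs in rings.items():
        for cert in certs:
            if signer.get(cert) and signer[cert] not in certs:
                found.append("%s,%s: ring lacks %s,%s, the signer of %s,%s" % (name + signer[cert] + cert))
    return found
```
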