Recover A Certificate Whose Private Key Is In ICSF



Article ID: 29779




Top Secret


After a catastrophic loss of the Top Secret Security File, with no backups available for recovery, can the digital certificates on the lost security file be rebuilt if the private keys were stored in ICSF (Integrated Cryptographic Service Facility) and the public keys were backed up to a dataset or to a file on a PC?



The public key and private key can be united to reconstruct the certificate using the following steps after a security file has been established:

1. Place the certificate's public key into a dataset that is variable blocked and has the DSORG=PS dataset file attribute.

2. Issue the TSS ADD command to reunite the public key with the private key.

TSS ADD(owningacid) DIGICERT(digicertname) LABLCERT(certificatelabel) LABLPKDS(pkdslabel)

owningacid - is the owning ACID for the digital certificate.

digicertname - is a user-defined 8-character DIGICERT name.

certificatelabel - is the certificate label name for the certificate.

pkdslabel - specifies the PKDS label of the record created in the ICSF Public Key Data Set (PKDS). This label must match the private key LABLPKDS in order to reunite the public key with the private key.