Top Secret Type SCA Required For TSS GENCERT With CERTSITE ACID?
search cancel

Top Secret Type SCA Required For TSS GENCERT With CERTSITE ACID?

book

Article ID: 40975

calendar_today

Updated On:

Products

Top Secret Top Secret - LDAP

Issue/Introduction

Do you have to be a type SCA ACID to issue the TSS GENCERT command for CERTSITE?

Environment

Release: TOPSEC00200-15-Top Secret-Security
Component:

Resolution

No, however, the ACID that issue the TSS GENCERT with the CERTSITE ACID needs the following administrative authorities: 
 
Administrative Authority:
ACID(MAINTAIN) and MISC4(CERTGEN) for users within their scope 
MISC4(CERTSITE) for CERTSITE ACID 
MISC4(CERTAUTH) for CERTAUTH ACID 
 
Administrators without the previous authorities can issue the GENCERT command if they have: 
– UPDATE access to TSSCMD.CERTUSER.GENCERT in the CASECAUT resource class when the certificate is associated with a user ACID 
– UPDATE access to TSSCMD.CERTSITE.GENCERT in the CASECAUT resource class when generating a site certificate 
– UPDATE access to TSSCMD.CERTAUTH.GENCERT in the CASECAUT resource class when generating a certificate-authority certificate 
Powered by Wolken Software