Question:
How can I determine what certificate signed a specific certificate stored in the Top Secret database?
Answer:
The Top Secret SAFCRRPT Certificate Utility can be used to display the certificate hierarchy in your database. Optionally, it will display each certificate, its signing certificate, the certificates that it has signed, and all of the information provided with the CHKCERT and LIST commands. Execution of SAFCRRPT requires a region size of 1500K.

The following is sample JCL to run the certificate utility. This JCL is found in the CAI.CAKOJCL0 file on the distribution tape. The member name is CERTUTIL:
//SAFRPTCR EXEC PGM=SAFCRRPT,PARM='TITLE(Certificate detailed report)'
//STEPLIB DD DISP=SHR,DSN=CAI.CAKOLINK
//SYSUDUMP DD SYSOUT=*
//SYSPRINT DD SYSOUT=*
//SYSIN DD *
Recordid(PERSONAL.CERT) detail EXT
//*
Sample SAFRPTCR output:
Mainframe Security - SAFCRRPT - Certificate Utility - PAGE 1
DATE 03/14/06 (06.073) TIME 10.18
Record id - PERSONAL.CERT Signed by: CERTAUTH.ORG
Label American League CA
Serial # - 05
Issuer DN - CN=Issuer Certificate Authority.
OU=Used for testing PKCS 12 CA certificate insert
processing.O=Organization.C=US
Subject DN - CN=Issuer Certificate Authority.O=Organization
.C=US
Active Date 2004/11/30
Expire Date 2015/12/20
Pub Key Size 1024 RSA
Public Key 0000 30819F30 0D06092A 864886F7 0D010101
0010 05000381 8D003081 89028181 00D7F4B8
0020 BCA5B3B0 D33F5575 C7EF5F48 9ABC4C77
0030 5F46257B 13C3A9A7 B497F422 EFDD8B44
0040 9F756234 76D70DFC 2A6B3FE6 40532234
0050 0147CC94 4DB0ABD4 732729B4 9E8FBD44
0060 F7DAFB00 33ED254D EB0A6334 8FD0ECEB
0070 4374317C D4CBB1AE B7C6FD08 0412785B
0080 0A751C69 3BF4DC66 C2CBA8F1 093BAE10
0090 3604CC15 66CF8A5D 2EF9038A 03020301
00A0 0001
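
When the report covers many certificates, the "Signed by" field can be followed by script instead of by eye. The Python below is an added example, not part of the original article or of the Top Secret product: it parses SAFCRRPT SYSPRINT text, walks from a record id up its signing chain, and flags expired or short-key certificates along the way. The field layout is taken from the sample output above; the second record in SAMPLE, and the assumption that a self-signed certificate names itself as its signer, are constructed for illustration.

```python
import re
from datetime import date

# Field patterns follow the sample SAFCRRPT output shown above.
REC = re.compile(r"Record id\s*-\s*(\S+)\s+Signed by:\s*(\S+)")
EXP = re.compile(r"Expire Date\s+(\d{4})/(\d{2})/(\d{2})")
KEY = re.compile(r"Pub Key Size\s+(\d+)")

# Constructed sample; the self-signed CERTAUTH.ORG record is an assumption.
SAMPLE = """\
Record id - PERSONAL.CERT Signed by: CERTAUTH.ORG
Expire Date 2015/12/20
Pub Key Size 1024 RSA
Record id - CERTAUTH.ORG Signed by: CERTAUTH.ORG
Expire Date 2030/01/01
Pub Key Size 2048 RSA
"""

def parse_report(text):
    """Map each record id to its signer, expiry date and key size."""
    certs, cur = {}, None
    for line in text.splitlines():
        if m := REC.search(line):
            cur = certs[m.group(1)] = {"signer": m.group(2), "expires": None, "bits": None}
        elif cur is not None and (m := EXP.search(line)):
            cur["expires"] = date(*map(int, m.groups()))
        elif cur is not None and (m := KEY.search(line)):
            cur["bits"] = int(m.group(1))
    return certs

def signing_chain(certs, record_id):
    """Follow 'Signed by' upward; stop at a self-signed or unreported signer."""
    chain = []
    while record_id not in chain:
        chain.append(record_id)
        # A record missing from the report maps to itself, which ends the walk.
        record_id = certs.get(record_id, {}).get("signer", record_id)
    return chain

def weak_links(certs, record_id, today, min_bits=2048):
    """List (record id, problem) pairs for every certificate in the chain."""
    findings = []
    for rid in signing_chain(certs, record_id):
        c = certs.get(rid, {})
        if not c:
            findings.append((rid, "signer not in report"))
        if c.get("expires") and c["expires"] < today:
            findings.append((rid, "expired"))
        if c.get("bits") and c["bits"] < min_bits:
            findings.append((rid, "key below %d bits" % min_bits))
    return findings
```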