search cancel

How can I determine what certificate signed a specific certificate stored in the Top Secret database?

book

Article ID: 42164

calendar_today

Updated On:

Products

Top Secret Top Secret - LDAP

Issue/Introduction

Question:  

How can I determine what certificate signed a specific certificate stored in the Top Secret database?


Environment

Release:
Component: TSSMVS

Resolution

Answer:  

The Top Secret SAFCRRPT Certificate Utility can be used to display the certificate hierarchy in your database. Optionally,

it will display each certificate, its signing certificate, the certificates that it has signed, and all of the information provided

with the CHKCERT and LIST commands. Execution of SAFCRRPT requires a region size of 1500K.

 

The following is sample JCL to run the certificate utility. This JCL is found in the CAI.CAKOJCL0 file on the distribution tape.

The member name is CERTUTIL:

 

//SAFRPTCR   EXEC PGM=SAFCRRPT,PARM='TITLE(Certificate detailed report)'

//STEPLIB    DD   DISP=SHR,DSN=CAI.CAKOLINK

//SYSUDUMP   DD   SYSOUT=*

//SYSPRINT   DD   SYSOUT=*

//SYSIN      DD   * 

Recordid(PERSONAL.CERT) detail EXT

//*                                                

 

Sample SAFRPTCR output:

 

Mainframe Security - SAFCRRPT - Certificate Utility    - PAGE   1

DATE 03/14/06 (06.073) TIME 10.18

 

Record id - PERSONAL.CERT                Signed by:  CERTAUTH.MAJORLG

            Label           American League CA

            Serial #  -     05

            Issuer  DN -    CN=Major League Baseball Certificate Authority.

                            OU=Used for testing PKCS 12 CA certificate insert

                            processing.O=MLB Commissioners Office.C=US

            Subject DN -    CN=American League Certificate Authority.O=Major

                            League Baseball.C=US

            Active Date     2004/11/30

            Expire Date     2015/12/20

            Pub Key Size    1024  RSA

            Public Key      0000  30819F30 0D06092A 864886F7 0D010101

                            0010  05000381 8D003081 89028181 00D7F4B8

                            0020  BCA5B3B0 D33F5575 C7EF5F48 9ABC4C77

                            0030  5F46257B 13C3A9A7 B497F422 EFDD8B44

                            0040  9F756234 76D70DFC 2A6B3FE6 40532234

                            0050  0147CC94 4DB0ABD4 732729B4 9E8FBD44

                            0060  F7DAFB00 33ED254D EB0A6334 8FD0ECEB

                            0070  4374317C D4CBB1AE B7C6FD08 0412785B

                            0080  0A751C69 3BF4DC66 C2CBA8F1 093BAE10

                            0090  3604CC15 66CF8A5D 2EF9038A 03020301

 

                            00A0  0001