Duplicate Subject Distinguished Name On Digital Certificate?


Article ID: 53853


Products

Cleanup Datacom DATACOM - AD CIS COMMON SERVICES FOR Z/OS 90S SERVICES DATABASE MANAGEMENT SOLUTIONS FOR DB2 FOR Z/OS COMMON PRODUCT SERVICES COMPONENT Common Services CA ECOMETER SERVER COMPONENT FOC EASYTRIEVE REPORT GENERATOR FOR COMMON SERVICES INFOCAI MAINTENANCE IPC UNICENTER JCLCHECK COMMON COMPONENT Mainframe VM Product Manager CHORUS SOFTWARE MANAGER CA ON DEMAND PORTAL CA Service Desk Manager - Unified Self Service PAM CLIENT FOR LINUX ON MAINFRAME MAINFRAME CONNECTOR FOR LINUX ON MAINFRAME GRAPHICAL MANAGEMENT INTERFACE WEB ADMINISTRATOR FOR TOP SECRET Xpertware Top Secret Top Secret - LDAP Top Secret - VSE

Issue/Introduction

Description:

Our site has been sent a new digital certificate to replace an existing one that expires in a month. Instead of waiting for the existing certificate to expire before installing the new one, can the new one be added now and given a different label or digicert name? Or will CA Top Secret allow another certificate to be added with the same "Subject Distinguished Name"?

Solution:

The LABLCERT and DIGICERT fields can be duplicated as long as the owner is different.

CA Top Secret will not allow duplicate subject distinguished names.

TSS GENCERT(TEST) DIGICERT(DUMMY)
TSS GENCERT(TEST) DIGICERT(DUMMY1)

TSS0301I GENCERT FUNCTION FAILED, RETURN CODE = 4
TSS1525E CERTIFICATE ALREADY EXISTS WITH THIS SERIAL/ISSUERDN
READY

Note: Since the SUBJCTDN was left off, the userid is used as the subject distinguished name.

The second command failed because it was trying to use TEST as the subject distinguished name again.

GENCERTing it to a different ACID yields the same results.

Environment

Release:
Component: AWAGNT