search cancel

FTPing Digital Certificates Various Formats

book

Article ID: 53951

calendar_today

Updated On:

Products

Cleanup CIS COMMON SERVICES FOR Z/OS 90S SERVICES DATABASE MANAGEMENT SOLUTIONS FOR DB2 FOR Z/OS COMMON PRODUCT SERVICES COMPONENT Common Services CA ECOMETER SERVER COMPONENT FOC EASYTRIEVE REPORT GENERATOR FOR COMMON SERVICES INFOCAI MAINTENANCE UNICENTER JCLCHECK COMMON COMPONENT Mainframe VM Product Manager CHORUS SOFTWARE MANAGER CA ON DEMAND PORTAL CA Service Desk Manager - Unified Self Service PAM CLIENT FOR LINUX ON MAINFRAME MAINFRAME CONNECTOR FOR LINUX ON MAINFRAME GRAPHICAL MANAGEMENT INTERFACE WEB ADMINISTRATOR FOR TOP SECRET Xpertware Top Secret Top Secret - LDAP Top Secret - VSE

Issue/Introduction

Should Binary or ASCII be used when FTPing digital certificates?

Environment

Release: TOPSEC00200-15-Top Secret-Security
Component:

Resolution

The Digital Certificate format determines if it should be FTPed in BINARY or ASCII:

  • CERTB64 - Specifies a DER encoded X.509 certificate that has been encoded using Base64. This is a text file so it can be shipped in an e-mail. If it is being transferred using FTP or Connect:Direct, TEXT or ASCII mode must be used.

  • CERTDER - Specifies a DER encoded X.509 certificate. It is a binary file, so if it is being transferred using FTP or Connect:Direct, BINARY mode must be used.

  • PKCS12B64 - Specifies a DER encoded PKCS#12 package that has been encoded using Base64. A PKCS12 PASSWORD must also be supplied. Export the certificate and the private key (which must exist and must not be an ICSF key). The package produced by specifying one of the PKCS #12 keywords is encrypted using the password specified according to the PKCS #12 standard. Processing will attempt to package any certificate-authority certificate necessary to complete the basing chain to the exported certificate. This is a text file so it can be shipped in an e-mail. If it is being transferred using FTP or Connect:Direct, TEXT or ASCII mode must be used.

  • PKCS12DER - Specifies a DER encoded PKCS#12 package. A PKCS12 PASSWORD must also be supplied. Export the certificate and the private key (which must exist and must not be an ICSF key). The package produced by specifying one of the PKCS #12 keywords is encrypted using the password specified according to the PKCS #12 standard. Processing will attempt to package any certificate-authority certificate necessary to complete the basing chain to the exported certificate. It is a binary file, so if it is being transferred using FTP or Connect:Direct, BINARY mode must be used.