How can you tell if a digital certificate was generated by CA Top Secret?

search cancel

How can you tell if a digital certificate was generated by CA Top Secret?

book

Article ID: 14651

calendar_today

Updated On:

Products

Top Secret Top Secret - LDAP

Issue/Introduction

How to tell if a digital certificate was generated by CA Top Secret?

Is there a way to tell if a digital certificate was created by CA Top Secret?

Environment

Release: TOPSEC00200-15-Top Secret-Security
Component:

Resolution

TSS adds an extension to the certificate telling that CA SAF genned this cert.

Inorder to see this the client needs to run the CA Top Secret SAF cert utility.

//SAFRPTCR EXEC PGM=SAFCRRPT,REGION=0M,PARM=''
//SYSUDUMP DD SYSOUT=*
//SYSPRINT DD SYSOUT=*
//SYSIN DD *
RECORDID(-) detail ext

Then find the cert in question and look at the extension section. If CA SAF genned the cert, one
will, see this:

Extensions X509v3 Key Usage
CERTSIGN (06)
X509v3 Basic Constraints
SubjectType=cA
Netscape Comment
>>>>> Generated by CA SAF Certificate Management Facility <<<<<<<<

Feedback

thumb_up Yes

thumb_down No