How can you tell if a digital certificate was generated by CA Top Secret?

Article ID: 14651

Products

CA Top Secret, CA Top Secret - LDAP

Issue/Introduction

How to tell if a digital certificate was generated by CA Top Secret?



Is there a way to tell if a digital certificate was created by CA Top Secret?

Environment

Release: TOPSEC00200-15-Top Secret-Security
Component:

Resolution

TSS adds an extension to the certificate (shown in the report as Netscape Comment) stating that CA SAF generated it.

In order to see this, the client needs to run the CA Top Secret SAF certificate utility:

//SAFRPTCR EXEC PGM=SAFCRRPT,REGION=0M,PARM=''
//SYSUDUMP DD SYSOUT=*
//SYSPRINT DD SYSOUT=*
//SYSIN DD *
RECORDID(-) detail ext

Then find the certificate in question and look at the Extensions section. If CA SAF generated the certificate, you
will see this:

Extensions X509v3 Key Usage
CERTSIGN (06)
X509v3 Basic Constraints
SubjectType=cA
Netscape Comment
>>>>> Generated by CA SAF Certificate Management Facility <<<<<<<<
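
The same marker can also be checked on a certificate that has been exported in DER form, without running the report. This is an added example, not CA Top Secret or Broadcom code; it assumes the Netscape Comment extension (OID 2.16.840.1.113730.1.13) holds an IA5String, and `SAMPLE` is a constructed skeleton rather than a real certificate.

```python
NS_COMMENT_OID = bytes.fromhex("6086480186f842010d")  # 2.16.840.1.113730.1.13
MARKER = "Generated by CA SAF Certificate Management Facility"  # text from the report

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                    # long form: low 7 bits count the length bytes
        n = length & 0x7F
        if not 1 <= n <= 4:
            raise ValueError("unsupported DER length")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER value")
    return tag, pos, pos + length

def children(buf):
    """Split a constructed value into its (tag, value) elements."""
    pos, out = 0, []
    while pos < len(buf):
        tag, start, end = read_tlv(buf, pos)
        out.append((tag, buf[start:end]))
        pos = end
    return out

def netscape_comment(der):
    """Return the Netscape Comment text of a DER certificate, or None if absent."""
    for tag, value in children(der):
        if not tag & 0x20:               # primitive element: nothing nested to inspect
            continue
        kids = children(value)
        # Extension ::= SEQUENCE { extnID OID, [critical], extnValue OCTET STRING }
        if tag == 0x30 and len(kids) >= 2 and kids[0] == (0x06, NS_COMMENT_OID):
            inner = children(kids[-1][1]) if kids[-1][0] == 0x04 else []
            if inner and inner[0][0] == 0x16:      # assumed IA5String payload
                return inner[0][1].decode("ascii", "replace")
        found = netscape_comment(value)
        if found is not None:
            return found
    return None

def generated_by_ca_saf(der):
    """True if the comment has the marker; it is free text, so an indicator only."""
    return MARKER in (netscape_comment(der) or "")

# Added sample data: constructed skeleton holding only the extension, not a real certificate.
SAMPLE_COMMENT = b">>>>> Generated by CA SAF Certificate Management Facility <<<<<<<<"
def tlv(tag, body):                      # sample encoder, lengths < 128 only
    return bytes([tag, len(body)]) + body
SAMPLE = tlv(0x30, tlv(0xA3, tlv(0x30, tlv(0x30,
    tlv(0x06, NS_COMMENT_OID) + tlv(0x04, tlv(0x16, SAMPLE_COMMENT))))))
```

A PEM file must be base64-decoded to DER before it is passed to `generated_by_ca_saf`.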