1 - Digital Certificates Overview Top Secret download ************** * Top Secret * ************** //TSSADM EXEC PGM=IKJEFT01,REGION=0M //SYSTSPRT DD SYSOUT=* //SYSTSIN DD * TSS GENCERT(CERTAUTH) DIGICERT(USROOT) LABLCERT('US Root Cert') - SUBJECTN('CN="USRootCert" OU="MyCo" C=US') TSS GENCERT(CERTAUTH) DIGICERT(INTER1) LABLCERT('Intermediate One') - SUBJECTN('CN="InterOperations" OU="MyCo" C=US') - SIGNWITH(certauth,USROOT) TSS GENCERT(CERTAUTH) DIGICERT(INTER2) LABLCERT('Intermediate Two') - SUBJECTN('CN="Inter2Operations" OU="MyCo" C=US') - SIGNWITH(certauth,INTER1) TSS GENCERT(BLAMI02) DIGICERT(USRTEST) LABLCERT('USRTEST User') - SUBJECTN('CN="USRTEST" OU="MyCo" C=US') - SIGNWITH(certauth,INTER2) TSS EXPORT(USER002) DIGICERT(USRTEST) DCDSN('USER002.CERTTOM')- FORMAT(PKCS7DER) TSS CHKCERT DCDSN('USER002.CERTTOM') CHAIN /* Top Secret OUTPUT TSS GENCERT(CERTAUTH) DIGICERT(USROOT) LABLCERT('US Root Cert') SUBJECTN('CN="USRootCert" OU="MyCo" C=US') TSS0300I GENCERT FUNCTION SUCCESSFUL TSS1624I CERTIFICATE USROOT HAS BEEN ADDED TO USER CERTAUTH READY TSS GENCERT(CERTAUTH) DIGICERT(INTER1) LABLCERT('Intermediate One') SUBJECTN('CN="InterOperations" OU="MyCo" C=US') SIGNWITH(certa uth,USROOT) TSS0300I GENCERT FUNCTION SUCCESSFUL TSS1624I CERTIFICATE INTER1 HAS BEEN ADDED TO USER CERTAUTH READY TSS GENCERT(CERTAUTH) DIGICERT(INTER2) LABLCERT('Intermediate Two') SUBJECTN('CN="Inter2Operations" OU="MyCo" C=US') SIGNWITH(cert auth,INTER1) TSS0300I GENCERT FUNCTION SUCCESSFUL TSS1624I CERTIFICATE INTER2 HAS BEEN ADDED TO USER CERTAUTH READY TSS GENCERT(USER002) DIGICERT(USRTEST) LABLCERT('USRTEST User') SUBJECTN('CN="USRTEST" OU="MyCo" C=US') SIGNWITH(certauth,INTER2) TSS0300I GENCERT FUNCTION SUCCESSFUL TSS1624I CERTIFICATE USRTEST HAS BEEN ADDED TO USER USER002 READY TSS EXPORT(USER002) DIGICERT(USRTEST) DCDSN('USER002.CERTTOM') FORMAT(PKCS7DER) TSS0300I EXPORT FUNCTION SUCCESSFUL TSS1625I USER002 CERTIFICATE USRTEST HAS BEEN PLACED IN BLAMI02.CERTTOM TSS1625I CERTAUTH CERTIFICATE INTER2 HAS BEEN PLACED IN BLAMI02.CERTTOM TSS1625I CERTAUTH CERTIFICATE INTER1 HAS BEEN PLACED IN BLAMI02.CERTTOM TSS1625I CERTAUTH CERTIFICATE USROOT HAS BEEN PLACED IN BLAMI02.CERTTOM READY TSS CHKCERT DCDSN('USER002.CERTTOM') CHAIN THIS CERTIFICATE IS REGISTERED WITH CA-TOP SECRET DIGICERT = USRTEST ACCESSORID = USER002 ADMIN BY= BY(USER002 ) SMFID(XE38) ON(02/19/2021) AT(13:30:34) LABEL = USRTEST User STATUS = TRUST SERIAL# = 01 ISSUER DISTINGUISHED NAME: .CN=Inter2Operations.OU=MyCo.C=US SUBJECT DISTINGUISHED NAME: CN=USRTEST.OU=MyCo.C=US PRIVATE KEY SIZE = 1024 PRIVATE KEY TYPE = RSA ALGORITHM = sha-1WithRSAEncryption NOT BEFORE = 2021/02/19 00:00:00 UTC NOT AFTER = 2022/02/19 23:59:59 UTC * THIS CERTIFICATE IS REGISTERED WITH CA-TOP SECRET DIGICERT = INTER2 ACCESSORID = CERTAUTH ADMIN BY= BY(USER002 ) SMFID(XE38) ON(02/19/2021) AT(13:30:32) LABEL = Intermediate Two STATUS = TRUST SERIAL# = 01 ISSUER DISTINGUISHED NAME: .CN=InterOperations.OU=MyCo.C=US SUBJECT DISTINGUISHED NAME: CN=Inter2Operations.OU=MyCo.C=US KEYUSAGE: CERTSIGN PRIVATE KEY SIZE = 1024 PRIVATE KEY TYPE = RSA ALGORITHM = sha-1WithRSAEncryption NOT BEFORE = 2021/02/19 00:00:00 UTC NOT AFTER = 2022/02/19 23:59:59 UTC * THIS CERTIFICATE IS REGISTERED WITH CA-TOP SECRET DIGICERT = INTER1 ACCESSORID = CERTAUTH ADMIN BY= BY(USER002 ) SMFID(XE38) ON(02/19/2021) AT(13:30:30) LABEL = Intermediate One STATUS = TRUST SERIAL# = 01 ISSUER DISTINGUISHED NAME: .CN=USRootCert.OU=MyCo.C=US SUBJECT DISTINGUISHED NAME: CN=InterOperations.OU=MyCo.C=US KEYUSAGE: CERTSIGN PRIVATE KEY SIZE = 1024 PRIVATE KEY TYPE = RSA ALGORITHM = sha-1WithRSAEncryption NOT BEFORE = 2021/02/19 00:00:00 UTC NOT AFTER = 2022/02/19 23:59:59 UTC * THIS CERTIFICATE IS REGISTERED WITH CA-TOP SECRET DIGICERT = USROOT ACCESSORID = CERTAUTH ADMIN BY= BY(USER002 ) SMFID(XE38) ON(02/19/2021) AT(13:30:28) LABEL = US Root Cert STATUS = TRUST SERIAL# = 00 ISSUER DISTINGUISHED NAME: .CN=USRootCert.OU=MyCo.C=US SUBJECT DISTINGUISHED NAME: CN=USRootCert.OU=MyCo.C=US KEYUSAGE: CERTSIGN PRIVATE KEY SIZE = 1024 PRIVATE KEY TYPE = RSA ALGORITHM = sha-1WithRSAEncryption NOT BEFORE = 2021/02/19 00:00:00 UTC NOT AFTER = 2022/02/19 23:59:59 UTC Chain Information: Chain contains 4 certificates Chain is complete TSS0300I CHKCERT FUNCTION SUCCESSFUL 1READY END