Darren,
TSS supports X509 type certs. PGP is not X509.
Is it really PGP? Just because the file suffix is PGP doesn't necessarily mean it's PGP.
Have you tried to FTP the certificate to a dataset, then issue the TSS CHKCERT against it?
TSS CHKCERT DCDSN(datasetname)
If the certificate is supported, attributes about the certificate will be displayed. If you get 'invalid data', then the certificate is not supported.
When you FTP the certificate to a dataset, upload it as a binary file ***AND*** ASCII file.
Issue the TSS CHKCERT command against both datasets.
Certain format certificates require a binary or ASCII format. Since we don't know what type of certificate we are dealing with, FTP the certificate in binary and ASCII.
The following knowledge documents FTPing certificates:
https://knowledge.broadcom.com/external/article?articleId=53951
When you exported the certificate from Top Secret, I am assuming you used the TSS EXPORT command. What did you specify for the FORMAT keyword on the TSS EXPORT command? If you need to EXPORT the entire certificate, you need to use one of the PKCS12 formats on the FORMAT keyword. If you didn't, you only export the public key from Top Secret.
Regards,
Joseph Porto - Broadcom Level 1 Support
Original Message:
Sent: 04-07-2020 03:33 PM
From: Darren Jenkins
Subject: TLS communication between Top Secret & Linux using certificates.
Robert,
As for the certificate I created/sent out to the Linux(SAP) server, yes it was sent with a txt format/extension.
They are not able to provide any errors or failure points. The screen scrape they provided only states:
No secret key added.
No public key added.
As for the certificate I received from the Linux server, it arrived with an .asc extension. It was a PGP key, that when pulled up in Notepad, looked loosely like the one I sent out. The differences being it had a version line, a comment line, and a blank line within the cert itself??
I appreciate the timely comments !!
Darren
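An added example, not part of the original thread and not Broadcom code: a Python check of what a received file actually contains, using the armor line and the version/comment/blank-line layout described in the message above, and covering the ASCII versus EBCDIC question raised earlier in the thread. It assumes Python 3 on a workstation and EBCDIC code page 037; the function names are made up for illustration.

```python
import re

ARMOR = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----")

def der_inner_tag(data: bytes):
    """Tag byte of the first element inside an outer DER SEQUENCE, else None."""
    if len(data) < 3 or data[0] != 0x30:
        return None
    # Short-form length is one byte; long form stores a byte count in the low 7 bits.
    start = 2 if data[1] < 0x80 else 2 + (data[1] & 0x7F)
    return data[start] if start < len(data) else None

def classify(data: bytes) -> dict:
    """Guess the container format of a key or certificate file from its bytes."""
    # Text armor first. cp037 is an assumed EBCDIC code page; use your site's.
    for encoding in ("ascii", "cp037"):
        try:
            text = data.decode(encoding)
        except UnicodeDecodeError:
            continue
        match = ARMOR.search(text)
        if not match:
            continue
        label = match.group(1)
        # OpenPGP armor may carry "Version:" / "Comment:" headers, ended by a
        # blank line. X.509 PEM normally goes straight to base64.
        headers = []
        for line in text[match.end():].splitlines()[1:]:
            if ":" not in line:
                break
            headers.append(line.split(":", 1)[0].strip())
        kind = "pgp-armor" if label.startswith("PGP ") else "pem"
        return {"kind": kind, "label": label, "encoding": encoding, "headers": headers}
    # Binary: an X.509 certificate is SEQUENCE{SEQUENCE...}; a PKCS#12 file is
    # SEQUENCE{INTEGER version...}. This is a first-byte guess, not a full parse.
    inner = der_inner_tag(data)
    kind = {0x30: "x509-der-like", 0x02: "pkcs12-like"}.get(inner, "unknown")
    return {"kind": kind, "label": None, "encoding": "binary", "headers": []}

if __name__ == "__main__":
    # Constructed sample shaped like the .asc file described in the thread.
    sample = (b"-----BEGIN PGP PUBLIC KEY BLOCK-----\nVersion: Example 1.0\n"
              b"Comment: constructed sample\n\nAAAA\n-----END PGP PUBLIC KEY BLOCK-----\n")
    print(classify(sample))
    print(classify(sample.decode("ascii").encode("cp037")))
```

A result of `pgp-armor` means the file is an OpenPGP key rather than an X.509 certificate, and an `encoding` of `cp037` means the text was never translated from EBCDIC.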
Original Message:
Sent: 04-06-2020 04:57 PM
From: Robert Bridges
Subject: TLS communication between Top Secret & Linux using certificates.
Other people will give you much more knowledgeable replies, Darren; certificates are a continual reproach to my self-confident belief that I can figure out anything given time and effort. But just to mention something obvious - probably too obvious for you to have missed - have you confirmed that you've correctly saved the certificate in text format ~and~ remembered to translate between EBCDIC and ASCII? You haven't said yet exactly what problems you're running into, so I'm just guessing.
Original Message:
Sent: 04-06-2020 02:46 PM
From: Darren Jenkins
Subject: TLS communication between Top Secret & Linux using certificates.
I am looking for help and/or anyone who has successfully set up certificates between TS and a Linux box. We have been at this for a while and have come to a standstill. The issues: 1) We can't get the PGP certificate from Linux to successfully load to our MF. 2) The Linux box will not load the certificate I exported from the MF.
Darren -