Adding a certificate set it to NOTRUST

Document ID : KB000015182
Last Modified Date : 14/02/2018
Show Technical Document Details
Introduction:

Adding a certificate and it is set to NOTRUST

Question:

We are adding a certificate and it gets set to NOTRUST saying signer not found although the signing certificate does appear to be in Top Secret. 

Why is this happening?

Environment:
z/os
Answer:

If a certificated is: 

1. Being added to the security file 

2. Signed by another certificate 

it will be added to the security file with NOTRUST, if the signing certificate is not already on the security file. If the signer certificate is on the security file, the certificate will be added with TRUST status. 

The message is NOT an error message. Its an informational message. 

Changing it to TRUST is the appropriate action. 

These indicators make the user aware that the signing certificate is missing from the security file and it needs to be added. 

 

If you TSS LIST the certificate, look at the subject distinguished name and issuer distinguished name. If they dont match, then you have a signed certificate. Look for a 'SIGNED BY'. If it is missing, the signing certificate is not on the security file.