Can Multiple Unused "Certsign" Digital Certificates Be Removed From the CA Top Secret Security File?

Document ID : KB000025553
Last Modified Date : 14/02/2018

Question:

If there are multiple "certsign" Digital Certificate keys that are not being used, can they be removed from the CA Top Secret Security File?

Digital Certificates with KEYUSAGE(CERTSIGN) indicate that the certificate is used to sign other certificates.

Answer:

Yes, the digital certificate can be deleted if it truly is not being used.

Issue the following command:

TSS LIST(owningacid) SEGMENT(CERTDATA)

to determine if the certificate is being used on any keyring. If not, it may be deleted.

Additional Information:

Please refer to the CA Top Secret Cookbook for more details about KEYUSAGE(CERTSIGN).