Copy a Certificate Authority from one CA Top Secret system to another CA Top Secret system.

Document ID : KB000017933
Last Modified Date : 14/02/2018
Show Technical Document Details

Description:

Steps to copy a Certificate Authority from one CA Top Secret system to another CA Top Secret system.

Solution:

  1. Export a copy of the Certificate Authority to a dataset:
    TSS EXPORT(CERTAUTH) DIGICERT(digicertname) DCDSN(datasetname)
    FORMAT(PKCS12DER) PKCSPASS(password)

  2. Verify the TSS EXPORT was successful.
    TSS CHKCERT DCDSN(dataset) PKCSPASS(password)

  3. FTP the dataset in binary to the other CA Top Secret system.

  4. Add the Certificate Authority to the security file:
    TSS ADD(CERTAUTH) DIGICERT(digicertname) LABLCERT(certificatelabelname)
    DCDSN(datasetname) TRUST

  5. Add the certificate to the keyrings:
    TSS ADD(acid) KEYRING(keyringname) RINGDATA(CERTAUTH,digicertname)
    USAGE(CERTAUTH)