How can you tell if a digital certificate was generated by CA Top Secret?

Document ID : KB000014651
Last Modified Date : 14/02/2018
Introduction:

How to tell if a digital certificate was generated by CA Top Secret?

Question:

Is there a way to tell if a digital certificate was created by CA Top Secret?

Answer:

TSS adds an extension to the certificate indicating that CA SAF generated it.

In order to see this, the client needs to run the CA Top Secret SAF certificate utility (SAFCRRPT):

//SAFRPTCR EXEC PGM=SAFCRRPT,REGION=0M,PARM=''
//SYSUDUMP DD SYSOUT=*
//SYSPRINT DD SYSOUT=*
//SYSIN DD *
RECORDID(-) detail ext

Then find the certificate in question and look at the extension section. If CA SAF generated the
certificate, you will see this:

Extensions X509v3 Key Usage
CERTSIGN (06)
X509v3 Basic Constraints
SubjectType=cA
Netscape Comment
>>>>> Generated by CA SAF Certificate Management Facility <<<<<<<<
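
The same check can be made on a certificate that has already been exported from z/OS, by reading the Netscape Comment extension (OID 2.16.840.1.113730.1.13) directly. This Python sketch is an added example, not CA code: it locates the extension by searching for its encoded OID rather than parsing the full X.509 structure. The function names and the sample bytes are assumptions constructed for illustration.

```python
import base64
import re

# DER encoding of OID 2.16.840.1.113730.1.13 (Netscape Comment), tag and length included.
NS_COMMENT_OID = bytes.fromhex("06096086480186f842010d")
MARKER = "Generated by CA SAF Certificate Management Facility"

def _tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: the low 7 bits give the number of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def netscape_comment(cert):
    """Return the Netscape Comment text from PEM or DER bytes, or None if absent."""
    pem = re.search(rb"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", cert, re.S)
    der = base64.b64decode(pem.group(1)) if pem else cert
    at = der.find(NS_COMMENT_OID)
    if at < 0:
        return None
    tag, value, pos = _tlv(der, at + len(NS_COMMENT_OID))
    if tag == 0x01:  # optional BOOLEAN "critical" flag precedes the value
        tag, value, pos = _tlv(der, pos)
    if tag != 0x04:  # extnValue is always wrapped in an OCTET STRING
        return None
    tag, text, _ = _tlv(value, 0)  # the comment itself is an IA5String (0x16)
    return text.decode("ascii", "replace") if tag == 0x16 else None

def generated_by_ca_saf(cert):
    """True when the certificate carries the CA SAF marker comment."""
    comment = netscape_comment(cert)
    return comment is not None and MARKER in comment

def _enc(tag, value):  # short-form DER element, used only to build the samples
    assert len(value) < 128
    return bytes([tag, len(value)]) + value

# Constructed samples (lone Extension SEQUENCEs): one with the marker, one with basicConstraints only.
SAMPLE = _enc(0x30, NS_COMMENT_OID + _enc(0x04, _enc(0x16, b">>>>> " + MARKER.encode() + b" <<<<<<<<")))
OTHER = _enc(0x30, bytes.fromhex("0603551d13") + _enc(0x04, bytes.fromhex("30030101ff")))

if __name__ == "__main__":
    print(generated_by_ca_saf(SAMPLE), generated_by_ca_saf(OTHER))
```

The Netscape Comment is free text that any issuer can set, so a match indicates origin but does not prove it.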