How To Recover A Certificate Whose Private Key Is In ICSF

Document ID : KB000029779
Last Modified Date : 14/02/2018
Show Technical Document Details

After a catastrophic loss of the CA Top Secret Security File and no backups are available to recover the CA Top Secret Security File, the digital certificates on the lost security file can be rebuilt if the private keys were stored in ICSF (Intergrate Cryptographic Service Facility) and the public key were backed up to a dataset or file on a PC.

The public key and private key can be united to reconstruct the certificate using the following steps after a security file has been established:

1. Place the certificates public key into a dataset that is variable blocked and has a DSORG=PS dataset file attribute.

2. Issue the TSS ADD command to reunite the public key with the private key.

TSS ADD(owningacid) DIGICERT(digicertname) LABLCERT(certificatelabel) LABLPKDS(pkdslabel)

owningacid - will be the owning acid for the digital certificate.

digicertname - is user defined 8 character DIGICERT name.

certificatelabelname - is the certificate label name for the certificate.

pkdslabel - Specifies the PKDS label of the record created in the ICSF Public Key Data Set (PKDS). This label must match the private key LABLPKDS in order to re-unite the public key with the private key.

Please refer to the CA Top Secret Command and Functions Guide for more details about the TSS ADD command for adding digital certificates.