Sample TSS command for internally signed and externally signed Digital Certificates

Document ID : KB000014525
Last Modified Date : 14/02/2018
Show Technical Document Details
Introduction:

Sample TSS commands to create internally and externally digital certificates.

Question:

Can you give example commands to create internally signed and externally signed digital certificates?

Answer:

Signed Certificate with internal root generated by TSS:

TSS GENCERT(CERTAUTH) DIGICERT(MESMROOT) SUBJECTN('CN="ESM MICRO SERVICE CERT”’)

TSS GENCERT(CERTSITE) DIGICERT(MESMPROD) -
SUBJECTN('CN="ESM MICRO SERVICE PCERT"') -
SIGNWITH(CERTAUTH,MESMROOT) LABLCERT('MESM PCERT SELF-SIGNED') -
ALTNAME('DOMAIN=USILXXXX')

TSS ADD(ESMSVC31) KEYRING(MESMRING) TARG(=)

TSS ADD(ESMSVC31) KEYRING(MESMRING) RINGDATA(CERTAUTH,MESMROOT) -
USAGE(CERTAUTH) TARG(=)

TSS ADD(ESMSVC31) KEYRING(MESMRING) RINGDATA(CERTSITE,MESMPROD) -
USAGE(PERSONAL) DEFAULT TARG(=)

 

 

Signed Certificate with external root generated by TSS:

TSS GENCERT(CERTSITE) DIGICERT(TEMP) -
SUBJECTN('CN="ESM MICRO SERVICE PCERT"') -
LABLCERT('TEMP') -
ALTNAME('DOMAIN=USILXXXX')

TSS GENREQ(CERTSITE) DIGICERT(MESMPROD) DCDSN(datasename)

Send the certificate out to be signed.


TSS ADD(CERTAUTH) DIGICERT(MESMROOT) -
DCDSN(datasetname) LABLCERT(MESMROOT) TRUST

TSS ADD(CERTSITE) DIGICERT(MESMPROD) -
DCDSN(datasetname) -
LABLCERT('MESM PCERT SELF-SIGNED') TRUST


TSS ADD(ESMSVC31) KEYRING(MESMRING) TARG(=)

TSS ADD(ESMSVC31) KEYRING(MESMRING) RINGDATA(CERTAUTH,MESMROOT) -
USAGE(CERTAUTH) TARG(=)

TSS ADD(ESMSVC31) KEYRING(MESMRING) RINGDATA(CERTSITE,MESMPROD) -
USAGE(PERSONAL) DEFAULT TARG(=)

 

Self signed Certificate:


TSS GENCERT(CERTSITE) DIGICERT(MESMPROD) -
SUBJECTN('CN="ESM MICRO SERVICE PCERT"') -
LABLCERT('MESM PCERT SELF-SIGNED') -
ALTNAME('DOMAIN=USILXXXX')

TSS ADD(ESMSVC31) KEYRING(MESMRING) TARG(=)

TSS ADD(ESMSVC31) KEYRING(MESMRING) RINGDATA(CERTSITE,MESMPROD) -
USAGE(PERSONAL) DEFAULT TARG(=)