TSS0301I GENCERT FUNCTION FAILED, RETURN CODE = 8 and CAS20C1E Invalid data in PKCS #10 request - RSN - 212

Document ID : KB000014399
Last Modified Date : 14/02/2018
Introduction:

How to resolve the TSS0301I and CAS20C1E error message when using the TSS GENCERT command.

Question:

TSS GENCERT(CERTAUTH) DIGICERT(CERTCAU) -
DCDSN(TSGXG.TSS.PRDFTPS.UNSIGNED.CERT.D170509) -
SIGNWITH(CERTAUTH,TSSCA)

Causes the following error:

TSS0301I GENCERT FUNCTION FAILED, RETURN CODE = 8
CAS20C1E Invalid data in PKCS #10 request - RSN - 212

Looking up error message CAS20C1E, I don't see a reason code of 212:
Reason:

The data set contains a PKCS #10 request that does not meet the requirements for a PKCS #10 certificate request. The reason code specified by rsn will indicate to CA Top Secret Technical Support where the invalid data is occurring.

Reason Codes:
• 0 -- Function was successful
• 4 -- Certificate length error or no certificate address supplied
• 8 -- PEM translation error
• 12 -- Error parsing certificate
• 16 -- Invalid cert version number
• 20 -- Output field was truncated
• 24 -- Routine could not be found
• 28 -- Signature check failed

Action:

Contact CA Top Secret Technical Support.

Answer:

The 3rd party Certificate Authority that signs the certificates needs to return the signed certificate in a PKCS10 certificate package.

The certificate package then needs to be uploaded to a variable-block, DSORG=DS data set.

Specify the data set name in the DCDSN keyword; it **must** be a formatted PKCS10 certificate package.
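
A structural check that can be run on the file before it is uploaded, as an added example (not CA Top Secret code and not part of the original document). It assumes "formatted PKCS10" means a PEM-armored CertificationRequest laid out as in RFC 2986; the names `children`, `check_pkcs10`, `sample_pem` and `SAMPLE_DER` are hypothetical, the sample bytes are constructed, the signature is not verified, and the messages it returns are its own, not TSS reason codes.

```python
import base64
import re

PEM = re.compile(r"-----BEGIN ((?:NEW )?CERTIFICATE REQUEST)-----(.+?)-----END \1-----", re.S)

def children(buf):
    """Split DER content into (tag, body) pairs; ValueError if malformed."""
    out, pos = [], 0
    while pos < len(buf):
        if pos + 2 > len(buf):
            raise ValueError("truncated DER header")
        tag, first, pos = buf[pos], buf[pos + 1], pos + 2
        k = first & 0x7F if first & 0x80 else 0  # long form: k length bytes follow
        n, pos = (int.from_bytes(buf[pos:pos + k], "big") if k else first), pos + k
        if first == 0x80 or pos + n > len(buf):  # 0x80 = indefinite length, not DER
            raise ValueError("bad or truncated DER length")
        out.append((tag, buf[pos:pos + n]))
        pos += n
    return out

def check_pkcs10(text):
    """Return 'ok' or the first structural problem found (signature is NOT verified)."""
    m = PEM.search(text)  # accepts both request armor labels seen in practice
    if not m:
        return "no CERTIFICATE REQUEST PEM armor"
    try:
        der = base64.b64decode("".join(m.group(2).split()), validate=True)
        top = children(der)
        if [t for t, _ in top] != [0x30]:
            return "outer element is not a single SEQUENCE"
        parts = children(top[0][1])
        if [t for t, _ in parts] != [0x30, 0x30, 0x03]:
            return "expected requestInfo, signatureAlgorithm, signature"
        info = children(parts[0][1])
        if [t for t, _ in info] != [0x02, 0x30, 0x30, 0xA0]:
            return "requestInfo is not version, subject, publicKey, [0] attributes"
        if info[0][1] != b"\x00":
            return "version is not 0 (v1)"
    except ValueError as exc:  # binascii.Error (bad base64) is a ValueError subclass
        return f"decode error: {exc}"
    return "ok"

# Constructed 25-byte request skeleton: empty subject, placeholder key and signature bits.
SAMPLE_DER = bytes.fromhex("30 17 30 0f 02 01 00 30 00 30 06 30 00 03 02 00 01 a0 00 30 00 03 02 00 01")

def sample_pem(der=SAMPLE_DER):
    """Wrap DER bytes in request armor, as the file would look before upload."""
    b64 = base64.b64encode(der).decode()
    return f"-----BEGIN CERTIFICATE REQUEST-----\n{b64}\n-----END CERTIFICATE REQUEST-----\n"
```

Read the file as text and pass its contents to `check_pkcs10`; anything other than `ok` means the data would not parse as a PKCS #10 request under the stated assumption.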