

SIGNWITH Keyword—Specify a Private Key to Sign a New Certificate

Valid on z/OS.

Use the SIGNWITH keyword to specify a digital certificate whose associated private key signs a newly generated certificate. If you do not specify this keyword, CA Top Secret signs the certificate with the private key of the certificate being generated (creating a self‑signed certificate).

Note: If no private key is associated with the specified certificate, processing stops.

If DCDSN is specified on the GENCERT command, the SIGNWITH keyword is required.

The following limitations exist:

Self‑signed certificates are always trusted, while all other certificates are created with the trust status of the certificate specified with the SIGNWITH keyword. If the specified certificate is not trusted, the product issues an informational message but still generates the certificate.

This keyword has the following format:

TSS GENCERT SIGNWITH(acid,digicert)

acid

Specifies the ACID who owns the certificate that you are using to sign the newly generated certificate.

digicert

Specifies the digital certificate whose private key signs the newly generated certificate.

The keyword is used with:

Example: Use SIGNWITH to Specify a Certificate (with Private Key) That Signs a Newly Generated Certificate

This example generates a digital certificate to be signed by the private key of certificate cert0001:

TSS GENCERT(user1) DIGICERT(cert0001)
                   DCDSN(user1.cert.data)
                   SIGNWITH(user1,cert0001)