Exporting a certificate in to a
PKCS7 package DOES NOT export the private key. One needs to export a PKCS12
package in order to export the private key.
When you exported the certificate in PKCS7 format and CHKCERT the dataset on the
same LPAR (SYSTEM) that the certificate resides on it will show a private key, if the
certificate has one.
If you then CHKCERT the same PKCS7 dataset on a LPAR that does not have the certificate you will not see a private key.
The EXPORT command that needs to be used is:
TSS EXPORT(CERTSITE) -
DIGICERT(CERTA) -
DCDSN('CERTA.DATASET ') -
FORMAT(PKCS12DER) PKCSPASS(CERTAPASS)
A CHKCERT on the second LPAR should now show the private key.
When adding the certificate on the second LPAR the PKCSPASS(CERTAPASS) needs to be used:
TSS EXPORT(CERTSITE) -
DIGICERT(CERTA) -
DCDSN('CERTA.DATASET ') -
PKCSPASS(CERTAPASS)
A list of the certificate should now show the private key.