Client certificate without private key gets imported into Google Chrome but receives an error message from Chrome indicating that its not a root certificates. The certificates seems to work when connecting to the mainframe, it there a problem or is everything ok?

Release : 16.0
Component : CA Top Secret for z/OS

The need for a private key is not dictated by CA Top Secret, but by the application.

If the application is connects with not having the private key, then there is no problem.

The private is usually present for a client/personal certificate.

The Google Chrome browser authors also know that ‘usually’ the private key is present for client certificates and puts out warning message warning just in case, users do not realize that the personal/client certificate that is being imported doesn’t have a private key. Root certificate are the ones that ‘usually’ don’t have the private key and not the personal/client certificates.

Since a connections was establish successfully with the client certificate, there is not problem and the Google Chrome warning can be ignored.