ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

Export Just Public Key Of Digital Certificate In Top Secret?

book

Article ID: 142413

calendar_today

Updated On:

Products

Top Secret Top Secret - LDAP

Issue/Introduction

What is the command to EXPORT just the public key of a digital certificate instead of both the public and private keys? In other words, without the private key.

Environment

Release : 16.0
Component : CA Top Secret for z/OS

Resolution

The FORMAT keyword on the TSS EXPORT command determines if the public key and/or the private key is included.

- To EXPORT the public and private key, one of the PKCS12xxx formats must be used. Only use the PKCSPASS keyword on the EXPORT command if one of the PKCS12xxx formats is being used.

Example:

TSS EXPORT(CERTSITE) DIGICERT(CERTA) FORMAT(PKCS12DER) PKCSPASS(password) DCDSN(somedataset)

- If just the public key needs to be exported, use a format of CERTDER or CERTB64. PKCSPASS is not needed if you are not using the PKCS12xxx format.

Example:

TSS EXPORT(CERTAUTH) DIGICERT(ROOTCERT) FORMAT(CERTDER) DCDSN(datasetname)

If a TSS CHKCERT DCDSN(datasetname) is done on the dataset that contains the certificate a private key size is not displayed. If there is a private key size, then the private key is present. The TSS CHKCERT display is similar to the TSS LIST of a certificate.