What is the command to EXPORT just the public key of a digital certificate instead of both the public and private keys? In other words, without the private key.

Release : 16.0
Component : CA Top Secret for z/OS

The FORMAT keyword on the TSS EXPORT command determines if the public key and/or the private key is included.

- To EXPORT the public and private key, one of the PKCS12xxx formats must be used. Only use the PKCSPASS keyword on the EXPORT command if one of the PKCS12xxx formats is being used.

Example:

TSS EXPORT(CERTSITE) DIGICERT(CERTA) FORMAT(PKCS12DER) PKCSPASS(password) DCDSN(somedataset)

- If just the public key needs to be exported, use a format of CERTDER or CERTB64. PKCSPASS is not needed if you are not using the PKCS12xxx format.

Example:

TSS EXPORT(CERTAUTH) DIGICERT(ROOTCERT) FORMAT(CERTDER) DCDSN(datasetname)

If a TSS CHKCERT DCDSN(datasetname) is done on the dataset that contains the certificate a private key size is not displayed. If there is a private key size, then the private key is present. The TSS CHKCERT display is similar to the TSS LIST of a certificate.