How can just the public key of a certificate be exported in CA Top Secret?

book

Article ID: 142413

calendar_today

Updated On:

Products

CA Top Secret CA Top Secret - LDAP

Issue/Introduction

What is the command to EXPORT just the private key of a digital certificate?

Environment

Release : 16.0
Component : CA Top Secret for z/OS

Resolution

The FORMAT keyword on the TSS EXPORT command determines if the public key and/or the private key is included.

To EXPORT the public and  private key,  one of the PKCS12xxx formats must be used. Only use the PKCSPASS keyword on the EXPORT command one of the PKCS12xxx formats is being used.

Example:

TSS EXPORT(CERTSITE) DIGICERT(CERTA) FORMAT(PKCS12DER) PKCSPASS(password) DCDSN(somedataset)

If  just the public key needs to be exproted, use CERTDER or BASE64 formats. PKCSPASS is not needed if not using the PKCS12xxx format.

Example:

TSS EXPORT(CERTAUTH) DIGICERT(ROOTCERT) FORMAT(CERTDER) DCDSN(datasetname)

If a TSS CHKCERT DCDSN(datasetname) is done on the dataset that contains the certificate a private key size is not displayed. If there is a private key size, then the private key is present. The TSS CHKCERT display is similar to the TSS LIST of a certificate.