How does Top Secret determine what certificate signed another certifcate?

Release : 16.0

Component : Top Secret for z/OS

Top Secret searches the Top Secret digital certificate table which is kept in memory.

The table is searched for a matching IDN (Issuer Distinguished Name) , then looks at the the AKI (signature with the public key) to determine if that certificate is the signer.

If there are multiple certificates that match the above criteria, the first one is used.