How can I tell that a certificate EXPORTed from the ACF2 database to a z/OS dataset only contains the PUBLIC key and NOT the PRIVATE key before sending to a client?