I am playing with gskkyman using the command line switches. There does not seem to be a way to export a certificate that does not have a private key. This seems odd as (a.) certificates without a private key are normal and legal and expected: for example all CA certificates do not have an installed private key; and (b.) the gskkyman menu interface supports it. RACF RACDCERT EXPORT certainly supports it.
https://www.ibm.com/docs/en/zos/2.5.0?topic=syntax-gskkyman says -e Export a certificate and its associated private key. I have tested and apparently yes, the -e function fails if the certificate specified does not have a private key. Am I confused? Do others know how to do this? If not, does this restriction seem reasonable? Charles ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
