You might have more joy in the security community <https://community.ibm.com/community/user/security/communities/community-home/digestviewer?communitykey=e7c36119-46d7-42f2-97a9-b44f0cc89c6d>
On Tue, 8 Feb 2022 at 00:45, Charles Mills <[email protected]> wrote: > I am playing with gskkyman using the command line switches. > > There does not seem to be a way to export a certificate that does not have > a > private key. This seems odd as (a.) certificates without a private key are > normal and legal and expected: for example all CA certificates do not have > an installed private key; and (b.) the gskkyman menu interface supports it. > RACF RACDCERT EXPORT certainly supports it. > > https://www.ibm.com/docs/en/zos/2.5.0?topic=syntax-gskkyman says > > -e Export a certificate and its associated private key. > > I have tested and apparently yes, the -e function fails if the certificate > specified does not have a private key. > > Am I confused? Do others know how to do this? If not, does this restriction > seem reasonable? > > Charles > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to [email protected] with the message: INFO IBM-MAIN > ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
