Exporting the private key is only possible if the keys is NOT stored in the PKDS. So the certificate would have been defined without using the PKDS, ICSF and PCICC options in RACDCERT.
Lennie Dymoke-Bradshaw | Security Lead | RSM Partners Ltd Web: www.rsmpartners.com ‘Dance like no one is watching. Encrypt like everyone is.’ -----Original Message----- From: IBM Mainframe Discussion List <IBM-MAIN@LISTSERV.UA.EDU> On Behalf Of Sankaranarayanan, Vignesh Sent: 28 August 2019 19:45 To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: [IBM-MAIN] [EXTERNAL] zOS GENCERT Hi Joel, Yes, by exporting it to a dataset, PKCS12DER or PKCS12B64. Make sure you set a password when you export. https://www.ibm.com/support/knowledgecenter/en/SSLTBW_2.2.0/com.ibm.zos.v2r2.icha400/le-export.htm – Vignesh Mainframe Infrastructure -----Original Message----- From: IBM Mainframe Discussion List <IBM-MAIN@LISTSERV.UA.EDU> On Behalf Of Joel M Ivey Sent: 28 August 2019 17:32 To: IBM-MAIN@LISTSERV.UA.EDU Subject: [EXTERNAL] zOS GENCERT In zOS, is it possible to extract a private key, making it viewable by a human, generated by the RACF RACDCERT GENCERT command? ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN MARKSANDSPENCER.COM ________________________________ Unless otherwise stated above: Marks and Spencer plc Registered Office: Waterside House 35 North Wharf Road London W2 1NW Registered No. 214436 in England and Wales. Telephone (020) 7935 4422 Facsimile (020) 7487 2670 www.marksandspencer.com Please note that electronic mail may be monitored. This e-mail is confidential. If you received it by mistake, please let us know and then delete it from your system; you should not copy, disclose, or distribute its contents to anyone nor act in reliance on this e-mail, as this is prohibited and may be unlawful. ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN