CA Top Secret not returning private key for a digital certificate

Document ID : KB000124312
Last Modified Date : 09/01/2019
Show Technical Document Details
Introduction:
Explanation on how to get the private key returned for a digital certificate call when the owner of the certificate is acid CERTSITE.
Question:
If a digital certificate is owned by an acid, the private key is returned in digital certificate  r_datalib call from the same acid.

If the owner of the certificate is CERTSITE, the private key is no longer returned using the same r_datalib call and same acid.
Answer:
If the certificate is owned by an acid, the acid must be authorized for IBMFAC(IRR.DIGTCERT) ACC(READ).

If the certificate is owned by CERTSITE, the acid must be authorized for IBMFAC(IRR.DIGTCERT) ACC(CONTROL).