If there are multiple "certsign" Digital Certificates keys that are not being used, can they be removed from the CA Top Secret Security File?
Digital Certificates with KEYUSAGE(CERTSIGN) inidicate the certificate is used to sign other certificates.
Yes the digital certificate can be deleted if it truly is not being used.
TSS LIST(owningacid) SEGMENT(CERTDATA)
to determine if the certicate is being used on any keyring. If not, it may be deleted.
Please refer to the CA Top Secret Cookbook for more details about KEYUSAGE(CERTSIGN).