How To Export The Private Key With A Digital Certificate.

Document ID : KB000053486
Last Modified Date : 14/02/2018
Show Technical Document Details

Description

https://support.ca.com/irj/portal/anonymous/phpdocs?filePath=0/180/180_techdocindex.html

Solution

In order to export the private key along with the certificate certain parameters must be used on the EXPORT command.

The TSS EXPORT must be done with keywords PKCSPASS and FORMAT(PKCS12xxx).

The 'PKCS12xxx' must either be 'PKCS12DER' or PKCS12B64.

PKCS12B64 - Indicates DER encoded (then Base64 encoded) PKCS#12 package.
PKCS12DER - Indicates DER encoded PKCS#12 package.

PKCSPASS - Sets the password to secure the digital certificate withing the dataset.

Below is an example of an TSS EXPORT command that will export the private key:

TSS EXPORT(acid) DIGICERT(digicert_name) DCDSN(dataset_name)
     FORMAT(PKCS12DER) PKCSPASS('password')

Please refer to the CA Top Secret Cookbook for more details about the TSS EXPORT command.