< Back to User Guide Top

Exporting certificates

Any certificate or certificate chain in the certificate management database can be exported to a file to be archived or to be moved to another system. 

For user certificates, this can include exporting the private key. This does not compromise the private key, because its password must be known both when exporting and importing.

Exporting user certificates

Exports a user certificate for sharing, backup, or use in another system.

  1. In the web UI, go to Administration > Certificate Management > Certificates. In the native UI, go to Tools > Certificate Manager or click the Certificates button in the toolbar.
  2. Under Users, right-click the user certificate you want to export and select Export > User Certificate.
  3. Select the file format: DERBase64 (CER), or P7B.  If you selected to export the certificate chain, P7B is automatically selected for you.
  4. Enter a filename for your certificate.  When the certificate is exported, the correct file extension will automatically be added to the filename you enter if you don't provide it. By default, the certificate will be stored in the home directory. You can choose to store your certificate file in another directory by first clicking Browse… and choosing a new directory before entering your certificate name.
  5. Click Export to export the user certificate (possibly with the chain).

Exporting private keys 

Exports the private key associated with a user certificate in a secure, password-protected format.

  1. In the web UI, go to Administration > Certificate Management > Certificates. In the native UI, go to Tools > Certificate Manager or click the Certificates button in the toolbar.
  2. Right-click the user certificate in the tree pane and select Export > Private Key.
  3. Select the file format - either DER (P8) or Base64 (PEM).
  4. Enter the password of the private key being exported.
  5. Type or browse for the private key filename.
  6. Click Export to export the private key.

Exporting both user certificates and private keys (one PKCS12 file) 

Exports a user certificate and its private key together as a single PKCS12 file for portability between systems. 

  1. In the web UI, go to Administration > Certificate Management > Certificates. In the native UI, go to Tools > Certificate Manager or click the Certificates button in the tool bar.
  2. Right-click the user certificate in the tree pane and select Export > User Certificate and Private Key.
  3. If a certificate chain exists, indicate whether the certificate chain should be included in the export.
  4. Enter the password of the private key being exported.
  5. Enter an optional friendly name. This value will appear in other Certificate systems, such as Microsoft® Internet Explorer.
  6. Enter or browse for the PKCS12 filename.
  7. Click Export to export the user certificate (possibly with chain) and the private key.

Exporting OpenPGP or SSH FTP keys 

Exports OpenPGP or SSH FTP keys for use in external systems or for secure key exchange scenarios.

  1. In the web UI, go to Administration > Certificate Management > Certificates. In the native UI, go to Tools > Certificate Manager or click the Certificates button in the tool bar.
  2. Right-click the user certificate in the tree pane and select Export > OpenPGP or SSH FTP Keys...

  3. Choose the file format from the following:

    • OpenPGP Public
    • OpenPGP Public/Private
    • OpenSSH FTP Public
    • SSH FTP Public (IETF format)
    • SSH FTP Private

    Neither the OpenPGP Public/Private Keypair or SSH Private Key should be selected for export and sent to a trading partner.

    Instead, select the appropriate public key format if you wish to export for sending to a trading partner.

  4. When either the OpenPGP Public Key (.ASC) or OpenPGP Public/Private Keypair (.ASC) options are selected, the Preferred PGP Algorithms panel is enabled, allowing selection of the preferred cipherdigest and compression algorithms to be used when exporting the public key or public/private keypair in .asc format. The preferred algorithm selection values are:
    • Cipher: TripleDES (default), Blowfish, CAST5, DES, AES-128, AES-192, AES-256, Twofish
    • Digest: MD2, MD5, RIPE-MD-160, SHA-1, SHA-256 (default), SHA-384, SHA-512
    • Compression: ZIP (default), ZLIB
  5. Enter the Private key password. This field is not necessary when either the OpenSSH or SSH FTP format is selected and is disabled.
  6. Enter or browse for the key filename. The appropriate extension will be appended to the filename.
  7. Click Export to export the key.

Exporting CA certificates

Exports certificate authority (CA) certificates for use in establishing or sharing trusted certificate chains across systems.

  1. In the web UI, go to Administration > Certificate Management > Certificates. In the native UI, go to Tools > Certificate Manager or click the Certificates button in the tool bar.
  2. Right-click the trusted intermediate CA  certificate or root CA certificate in the tree pane and select Export > Trusted CA Certificate; or right-click the pending intermediate CA certificate or root CA certificate in the tree pane and select Export > Pending CA Certificate.
  3. If a certificate chain exists, indicate whether the certificate chain should be included in the export.
  4. Select the file format: DERBase64 (CER), or P7B.  If you selected to export the certificate chain, P7B is automatically selected for you.
  5. Enter or browse for the certificate filename.
  6. Click Export to export the CA certificate (possibly with chain).

Related articles

Comments

0 comments

Please sign in to leave a comment.