Any certificate or certificate chain in the certificate management database can be exported to a file to be archived or to be moved to another system.
For user certificates, this can include exporting the private key. This does not compromise the private key, because its password must be known both when exporting and importing.
Exporting user certificates
You can export user certificates.
- In the web UI, go to Certificates button in the tool bar. . In the native UI, go to or click the
- Under Users, right-click the user certificate you want to export and select .
- Select the file format: DER, Base64 (CER), or P7B. If you selected to export the certificate chain, P7B is automatically selected for you.
- Enter a filename for your certificate. When the certificate is exported, the correct file extension will automatically be added to the filename you enter if you don't provide it. By default the certificate will be stored in the home directory. You can choose to store your certificate file in another directory by first clicking Browse… and choosing a new directory before entering your certificate name.
- Click Export to export the user certificate (possibly with the chain).
Exporting private keys
The following describes how to export a user certificate's private key.
- In the web UI, go to Certificates button in the toolbar. . In the native UI, go to or click the
- Right-click the user certificate in the tree pane and select .
- Select the file format - either DER (P8) or Base64 (PEM).
- Enter the password of the private key being exported.
- Type or browse for the private key filename.
- Click Export to export the private key.
Exporting both user certificates and private keys (one PKCS12 file)
The following describes how to export a user certificate and private key together.
- In the web UI, go to Certificates button in the tool bar. . In the native UI, go to or click the
- Right-click the user certificate in the tree pane and select .
- If a certificate chain exists, indicate whether the certificate chain should be included in the export.
- Click Enable strong protection, if desired.
- Enter the password of the private key being exported.
- Enter an optional friendly name. This value will appear in other Certificate systems, such as Microsoft® Internet Explorer.
- Enter or browse for the PKCS12 filename.
- Click Export to export the user certificate (possibly with chain) and the private key.
Exporting OpenPGP or SSH FTP keys
The following describes how to export an OpenPGP or SSH FTP keys.
- In the web UI, go to Certificates button in the tool bar. . In the native UI, go to or click the
- Right-click the user certificate in the tree pane and select Export > OpenPGP or SSH FTP Keys...
- Choose the file format from the following:
- OpenPGP Public
- OpenPGP Public/Private
- OpenSSH FTP Public
- SSH FTP Public (IETF format)
- SSH FTP Private
Neither the OpenPGP Public/Private Keypair or SSH Private Key should be selected for export and sent to a trading partner.
Instead, select the appropriate public key format if you wish to export for sending to a trading partner.
- When either the OpenPGP Public Key (.ASC) or OpenPGP Public/Private Keypair (.ASC) options are selected, the Preferred PGP Algorithms panel is enabled, allowing selection of the preferred cipher, digest and compression algorithms to be used when exporting the public key or public/private keypair in .asc format. The preferred algorithm selection values are:
- Cipher: TripleDES (default), Blowfish, CAST5, DES, AES-128, AES-192, AES-256, Twofish
- Digest: MD2, MD5, RIPE-MD-160, SHA-1, SHA-256 (default), SHA-384, SHA-512
- Compression: ZIP (default), ZLIB
- Enter the Private key password. This field is not necessary when either the OpenSSH or SSH FTP format is selected and is disabled.
- Enter or browse for the key filename. The appropriate extension will be appended to the filename.
- Click Export to export the key.
Exporting CA certificates
The following describes how to export a CA certificate.
- In the web UI, go to Certificates button in the tool bar. . In the native UI, go to or click the
- Right-click the trusted intermediate CA certificate or root CA certificate in the tree pane and select ; or right-click the pending intermediate CA certificate or root CA certificate in the tree pane and select .
- If a certificate chain exists, indicate whether the certificate chain should be included in the export.
- Select the file format: DER, Base64 (CER), or P7B. If you selected to export the certificate chain, P7B is automatically selected for you.
- Enter or browse for the certificate filename.
- Click Export to export the CA certificate (possibly with chain).
Comments
0 comments
Please sign in to leave a comment.