Exporting a certificate

There are two reasons to export certificates: 1) to create a root CA certificate with only its public key for each client’s User Trust Store and browser, and 2) to create a backup, for safe keeping, of all certificates with their private keys.

As soon as you finish importing all certificate .pem files back into their respective User Key Stores, make a backup of all of certificates and store the backup on a thumb drive in a separate, physically secure location. You back up each certificate one at a time.

NOTE: To protect your backups create strong passwords and store backup media in a vault. These backups contain the key(s) used to sign all server certificates.

Perform the following steps:

Open the stores that contain the certificate(s) to export.
On the User Key Store tab, select the certificate and click Export.
The system opens the Certificate Export window.
Do one of the following:
In addition to the private key password, you should use an encryption password to provide double-password protection. The default encryption password is the same as the private key password.
- To create a CA certificate (root or intermediate) for importing into a client User Trust Store, just click OK (do not select Export the private key).
- To back up a certificate with its private key, click Export the private key, deselect Reuse password to encrypt private key under Encrypt exported private key, and supply the additional password.
Navigate to a location on a thumb drive and click Save.
The system reports that the export was successful.
To complete the action, click OK.

Exporting a certificate

Related Links