On the Signing & Decryption Keys & Certificates window, you can export a certificate with or without its private key.

This task describes how to export certificates and their private keys. Supported certificate and private key formats differ depending on whether you are running PingFederate with BCFIPS enabled or disabled.

- Certificate and private key format:
  - In non-BCFIPS mode, when the Certificate and Private Key option is selected, a Format field appears, allowing you to choose between exporting a PKCS12 or a PEM-formatted certificate and private key.
  - In BCFIPS mode, you can only export PEM-formatted certificates and private keys.

    If you need to convert from PEM to PKCS12 format, use the following command:

    openssl pkcs12 -export -inkey keypair.pem -in keypair.pem -out keypair.p12
- Password requirement:
  - In BCFIPS mode, the password must contain at least 14 characters.

- On the Signing & Decryption Keys & Certificates window, select Export for the certificate.
- On the Export Certificate tab, select the export type.
  - Select Certificate Only to export the selected certificate without its private key. This is the default choice.
  - Select Certificate and Private Key to export the selected certificate with its private key. If you are not running in BCFIPS mode, the Format section appears, and you must select either PKCS12 or PEM.

    You must also enter and confirm an Encryption Password, since this export contains the private key of the certificate.

    If the selected certificate is stored in a hardware security module (HSM), the Certificate and Private Key option does not apply.
- On the Export & Summary window, click Export to save the certificate file, and then click Done.
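
The PEM to PKCS12 conversion command given above, wrapped as an added example (not PingFederate's own tooling): it passes both passwords through environment variables instead of prompts or command-line arguments, creates the output with owner-only permissions, and keeps the file only if its certificate fingerprint matches the input. The function names, the PEM_PASS and P12_PASS variable names, and applying the page's 14-character minimum to the PKCS12 password are assumptions made for this example.

```bash
# Added example, not PingFederate tooling. PEM_PASS and P12_PASS are assumed,
# exported environment variables holding the PEM and PKCS12 passwords.

# SHA-256 fingerprint of the first certificate block in a PEM file
# (assumes the leaf certificate comes first if a chain is present).
pem_fingerprint() {
  sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' "$1" |
    openssl x509 -noout -fingerprint -sha256
}

# SHA-256 fingerprint of the key pair's certificate inside a PKCS12 file.
p12_fingerprint() {
  openssl pkcs12 -in "$1" -clcerts -nokeys -passin env:P12_PASS 2>/dev/null |
    openssl x509 -noout -fingerprint -sha256
}

# Usage: pem_to_p12 keypair.pem keypair.p12
# Returns 0 on success, 2 on a short password, 1 if openssl fails,
# 3 if the written file does not contain the input certificate.
pem_to_p12() {
  local src=$1 dst=$2
  # Local policy (assumption): reuse the 14-character BCFIPS-mode minimum.
  [ "${#P12_PASS}" -ge 14 ] || { echo "P12_PASS is shorter than 14 characters" >&2; return 2; }
  # Subshell keeps the restrictive umask scoped to the new key file.
  ( umask 077
    openssl pkcs12 -export -inkey "$src" -in "$src" -out "$dst" \
      -passin env:PEM_PASS -passout env:P12_PASS ) || return 1
  # Read the file back; discard it if the certificate is not the one exported.
  if [ "$(pem_fingerprint "$src")" != "$(p12_fingerprint "$dst")" ]; then
    rm -f "$dst"
    return 3
  fi
}

# Constructed sample input: a throwaway self-signed key pair with an
# encrypted private key, combined into DIR/keypair.pem.
make_sample_pem() {
  local dir=$1
  openssl req -x509 -newkey rsa:2048 -days 1 -subj "/CN=sample.invalid" \
    -keyout "$dir/key.pem" -out "$dir/cert.pem" -passout env:PEM_PASS 2>/dev/null &&
    cat "$dir/key.pem" "$dir/cert.pem" > "$dir/keypair.pem"
}
```

Export both variables in the calling shell before running `pem_to_p12`, and unset them once the PKCS12 file has been moved to its destination.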