On the Signing & Decryption Keys & Certificates window, you can export a certificate with or without its private key.
- Certificate and private key format:
- In non-BCFIPS mode, when the Certificate and Private Key option is selected, a Format field displays allowing you to choose between exporting a PKCS12 or a PEM formatted certificate and private key.
- In BCFIPS mode, you can only export PEM-formatted certificates and
If you need to convert from PEM to PKCS12 format, use the following command:
openssl pkcs12 -export -inkey keypair.pem -in keypair.pem -out keypair.p12
- Password requirement:
- In BCFIPS mode, the password must contain at least 14 characters.
- On the Signing & Decryption Keys & Certificates window, select Export for the certificate.
On the Export Certificate tab, select the export
- Select Certificate Only to export the selected certificate without its private key. This is the default choice.
- Select Certificate and Private Key to export the selected
certificate with its private key. If you are not running in
BCFIPS mode, the Format section appears, and you
must select either PKCS12 or
You must also enter and confirm an Encryption Password, since this export contains the private key of the certificate.
If the selected certificate is stored in a hardware security module (HSM), the Certificate and Private Key option does not apply.
- On the Export & Summary window, click Export to save the certificate file, and then click Done.