Exporting a client certificate

This procedure describes the steps to export your client certificate in two formats: public key and private key. The certificate with Public key is not considered protected data, you can share it as needed. By contrast, the certificate with an encrypted Private key is protected data, for your use only. It is part of your digital identity, and should be kept in a safe location, not accessible by anyone else.

  • You are running Workbench on your PC.

  • You are logged in to the station.

  • You have already generated a client certificate, which places it in your certificate User Key Store.

  1. In Workbench, open the Certificate Management view.
  2. On the User Key Store tab, select your client certificate and click Export.
    The system opens the Certificate Export window.
  3. To export the Public certificate, just click OK (do not select Export the private key).
    A second Certificate Export window opens.

  4. Use the default location on your PC’s file system (or navigate to another location) and click Save.
    The system confirms that the certificate export was successful.
  5. To close the confirmation window, click OK and proceed with the remaining steps to export the certificate with its Private key.
  6. On the User Key Store tab, where your client certificate is still selected and click Export a second time.
    The Certificate Export window opens.

  7. This time in the Certificate Export window, select Export the private key, under Encrypt exported private key, create a strong password and click OK.
    Note: Be sure to make note of this password, and keep it in a secure place. Later, when authenticating to a station using the client certificate, you will be prompted to enter this private key password.
    The second Certificate Export window opens.

  8. Use the default location on your PC’s file system (or navigate to another safer location) and click Save.
    The software saves your public and private client certificates as *.pem files to the ~certManagement folder in your User Home, or in the location you selected during the export. Make sure this location is safe, and not accessible by anyone else.
    The system confirms that the certificate export was successful. To close the confirmation window, click OK.
  9. Give the public certificate file to the Station Admin who will use it in setting up Client Certificate Authentication on the station.

In a separate procedure, you will install the private certificate file in your browser trust store for use when logging in to the station.

Note: Not all browsers will accept private certificate files in *.pem file format. Instead, they require other formats (*.pfx, *.p12, etc.). If your browser requires other than *.pem files, conversion tools (e.g. OpenSSL, etc.) are readily available which you can use to convert your private certificate file to the required format.