Exporting a certificate

There are two reasons to export certificates: 1) to create a root CA certificate with only its public key for each client’s User Trust Store and browser, and 2) to create a backup, for safe keeping, of all certificates with their private keys.

As soon as you finish importing all certificate .pem files back into their respective User Key Stores, make a backup of all of certificates and store the backup on a thumb drive in a separate, physically secure location. You back up each certificate one at a time.

Note: To protect your backups create strong passwords and store backup media in a vault. These backups contain the key(s) used to sign all server certificates.

Open the stores that contain the certificate(s) to export.
On the User Key Store tab, select the certificate and click Export.
The system opens the Certificate Export window.
Do one of the following:
The private key password protects the key in the Key Store and is required to export it. When you export the private key, you can optionally encrypt it in the generated file (recommended). You can reuse the same password that you provided to export it, or you can generate a new password.
- To create a CA certificate (root or intermediate) for importing into a client User Trust Store, just click OK (do not select Export the private key).
- To back up a certificate with its private key, click Export the private key, deselect Reuse password to encrypt private key under Encrypt exported private key, and supply the additional password.
Navigate to a location on a thumb drive and click Save.
The system reports that the export was successful.
To complete the action, click OK.