Viewing and Exporting Private Keys

If the certificate has been created using the Make New Certificate option (see Section Creating Certificates) or if a CMP enrollment client has requested key backup, the private key corresponding to the certificate is stored in the Certifier Database. An operator with sufficient access level can view the private key by clicking View Private Key on the Certificate page. See Section Operator Access Control Levels.

On the View Encrypted Private Key page, the key is shown by default in Base64-encoded PKCS #12 format. The PKCS #12 blob is encrypted with a random password that is shown at the top of the page.

Figure: The View Encrypted Private Key page

To download the key (in binary PKCS #12), click the Download button. Your browser will ask whether you want to open the key file or save it to disk.

To view the key with another password, enter the password in the Refetch with passphrase field and click Refresh.

To select another format for the key, select the Envelope format from the list and click Refresh. The key is shown with the given passphrase in the new format.

Available formats are PKCS#12 (default), PKCS#12 with issuer certificate (includes the issuing CA certificate), PKCS#12 with issuer chain (includes the whole certification path up to the root CA), and PKCS#8.

After refreshing, you can download the key in the new format by clicking the Download button.
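To check a downloaded bundle before handing it on, the following added example (not part of the product documentation) uses the OpenSSL command line to confirm that the file decrypts with the passphrase, that the private key belongs to the end-entity certificate, and how many certificates the chosen envelope format included. The P12_PASS environment variable, the function names and the script name check_p12.sh are assumptions of this example; the test bundles are constructed with a throwaway CA.

```shell
#!/bin/sh
# Added example. The passphrase is read from the P12_PASS environment variable
# (an assumption of this example) so it never appears on a command line.

# Succeeds only if the bundle decrypts and its private key belongs to its
# end-entity certificate. Returns 2 if decryption or parsing fails.
# The decrypted key only travels through a pipe; it is never written to disk.
p12_key_matches_cert() {
    _key_pub=$(openssl pkcs12 -in "$1" -passin env:P12_PASS -nocerts -nodes 2>/dev/null |
               openssl pkey -pubout 2>/dev/null) || return 2
    _cert_pub=$(openssl pkcs12 -in "$1" -passin env:P12_PASS -nokeys -clcerts 2>/dev/null |
                openssl x509 -noout -pubkey 2>/dev/null) || return 2
    [ -n "$_key_pub" ] && [ "$_key_pub" = "$_cert_pub" ]
}

# Prints the number of certificates in the bundle. Expected: 1 for plain
# PKCS #12, 2 with the issuer certificate, the path length with the issuer chain.
p12_cert_count() {
    _pem=$(openssl pkcs12 -in "$1" -passin env:P12_PASS -nokeys 2>/dev/null) || return 2
    printf '%s\n' "$_pem" | grep -c -e '-----BEGIN CERTIFICATE-----' || true
}

# Builds constructed sample bundles in directory $1 (throwaway CA and leaf).
make_constructed_p12() {
    openssl req -x509 -newkey rsa:2048 -nodes -subj '/CN=Constructed CA' -days 1 \
        -keyout "$1/ca.key" -out "$1/ca.pem" 2>/dev/null &&
    openssl req -newkey rsa:2048 -nodes -subj '/CN=constructed-leaf' \
        -keyout "$1/leaf.key" -out "$1/leaf.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/leaf.csr" -CA "$1/ca.pem" -CAkey "$1/ca.key" \
        -CAcreateserial -days 1 -out "$1/leaf.pem" 2>/dev/null &&
    openssl pkcs12 -export -inkey "$1/leaf.key" -in "$1/leaf.pem" \
        -passout env:P12_PASS -out "$1/plain.p12" &&
    openssl pkcs12 -export -inkey "$1/leaf.key" -in "$1/leaf.pem" \
        -certfile "$1/ca.pem" -passout env:P12_PASS -out "$1/with_issuer.p12"
}

# Usage: P12_PASS='passphrase from the page' sh check_p12.sh downloaded.p12
if [ -n "${1:-}" ]; then
    p12_key_matches_cert "$1" &&
        echo "key matches certificate; certificates in bundle: $(p12_cert_count "$1")"
fi
```

A PKCS #8 download carries only the key, so these checks apply to the three PKCS #12 formats.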

