Export system certificate
You can export the current root certificate and system certificate by using the management GUI or command line interface (CLI).
You must add the system's root certificates and system certificates of the system to the trust stores of other systems, web browsers, key servers, or any other devices to authenticate the identity and secure the communication channel. If the browser, device, or application supports chain of trust checking, then only the root certificate is needed.
Using the management GUI
To export the system certificate, complete these steps:
- In the management GUI, select .
- Go to the specific certificate, click the overflow menu and select Export. Select End point Certificate or Root CA Certificate.
- In the Export Certificate page, you can either download the certificate file by clicking Export or copy the contents of the file to clipboard by clicking Copy to clipboard.
Using the command line interface (CLI)
In the command-line interface, enter the following command to export the certificate:
-
- Enter the following command to export the certificates to the file
/dumps/certificate.pem (only for
default)
chsystemcert -exportNote: The chsystemcert -export command exports the full chain of trust. Alternatively, to export the system's root certificate before the system initialization, use the satask exportrootcertificate command. Run this command on the node that is used to do the system initialization. You can also use the sainfo lsrootcertificate command to view the details of the system's root certificate. - Enter the following command to export the certificates to the file
/dumps/certificate.pem (only for default) or
/dumps/system_certificate_slot_<usecaseid>.pem
svctask chsystemcertstore -export -scope defaultNote: The chsystemcertstore -export -scope default command exports the full chain of trust. The certificate is exported to the /dumps/system_certificate_slot_<usecaseid>.pem directory on the configuration node. For default slot, the certificate is exported to /dumps/certificate.pem.
- Enter the following command to export the certificates to the file
/dumps/certificate.pem (only for
default)
-
- Enter the following command to export the Root CA certificate to file
/dumps/rootcacertificate.pem (only for
default)
For more information, see chsystemcert command.chsystemcert -exportrootcacert - Enter the following command to export the Root CA certificate to file
/dumps/rootcacertificate.pem (only for default) or
/dumps/system_rootcacertificate_slot_<usecaseid>.pem (for non default
scope)
For more information, see chsystemcertstore command.svctask chsystemcertstore -exportrootca -scope defaultNote: The certificate is exported to the /dumps/system_rootcacertificate_slot_<usecaseid>.pem directory on the configuration node. For default slot, the certificate is exported to /dumps/rootcacertificate.pem.
- Enter the following command to export the Root CA certificate to file
/dumps/rootcacertificate.pem (only for
default)
- After the certificate is exported, use the Secure Copy (SCP) or SSH File Transfer Protocol (SFTP) to copy the certificate from the system.