Exporting an SSL/KMIP server certificate

You must export the IBM Security Key Lifecycle Manager SSL/KMIP server certificate to a file in an encoded format for use by the client device. The client device imports this certificate for secure communication with the server.

About this task

Use the Export Certificate dialog, tklmCertExport command, or Certificate Export REST Service to export the IBM Security Key Lifecycle Manager SSL/KMIP server certificate to a file in an encoded format.

Procedure

  1. Go to the appropriate page or directory.
    • Graphical user interface:

      Log on to the graphical user interface. The Welcome page is displayed.

    • Command-line interface
      1. Go to the <WAS_HOME>/bin directory. For example,
        Windows
        cd drive:\Program Files\IBM\WebSphere\AppServer\bin
        Linux
        cd /opt/IBM/WebSphere/AppServer/bin
      2. Start the wsadmin interface by using an authorized user ID, such as SKLMAdmin. For example,
        Windows
        wsadmin.bat -username SKLMAdmin -password mypwd -lang jython
        Linux
        ./wsadmin.sh -username SKLMAdmin -password mypwd -lang jython
    • REST interface:
      • Open a REST client.
  2. Export a certificate.
    • Graphical user interface:
      1. Click Advanced Configuration > Server Certificates.
      2. In the Certificates table, select the appropriate certificate.
      3. Click Export.
      4. In the Export Certificate dialog, certificate that you selected in Step b is populated in the File name field.
      5. The File location field displays the default <SKLM_DATA> directory path, where the certificate is exported, for example, C:\Program Files\IBM\WebSphere\AppServer\products\sklm\data. For the definition of <SKLM_DATA>, see Definitions for HOME and other directory variables. Click Browse to specify a location under <SKLM_DATA> directory.
      6. Select either BASE64 (default format) or DER (Distinguished Encoding Rules) encoded file format for the certificate.
      7. Click Export Certificate.
    • Command-line interface:
      Type tklmCertExport to export a certificate file. For example:
      print AdminTask.tklmCertExport 
	('[-uuid CERTIFICATE-61f8e7ca-62aa-47d5-a915–8adbfbdca9de 
		-format DER -fileName d:\\mypath\\mycertfilename.der]')
      For more information about tklmCertExport command, see tklmCertExport.
    • REST interface:
      1. Obtain a unique user authentication identifier to access IBM Security Key Lifecycle Manager REST services. For more information about the authentication process, see Authentication process for REST services.
      2. To start Certificate Export REST Service, send the HTTP PUT request. Pass the user authentication identifier that you obtained in Step a along with the request message as shown in the following example.
        PUT https://localhost:<port>/SKLM/rest/v1/certificates/export
Content-Type: application/json
Accept: application/json
Authorization: SKLMAuth userAuthId=139aeh34567m
{"uuid":"CERTIFICATE-61f8e7ca-62aa-47d5-a915–8adbfbdca9de",
"format":"DER",
"fileName":"/mycertificate.der"}
        For more information about Certificate Export REST Service, see Certificate Export REST Service.