You must export the IBM Security Key Lifecycle Manager SSL/KMIP
server certificate to a file in an encoded format for use by the client
device. The client device imports this certificate for secure communication
with the server.
About this task
Use the Export Certificate dialog, tklmCertExport command,
or Certificate Export REST Service to export the IBM Security Key Lifecycle Manager SSL/KMIP
server certificate to a file in an encoded format.
Procedure
- Go to the appropriate page or directory.
- Export a certificate.
- Graphical user
interface:
- Click .
- In
the Certificates table, select the
appropriate certificate.
- Click Export.
- In the Export Certificate dialog, certificate
that you selected in
Step b
is populated in the File
name field.
- The File location field displays the default
<SKLM_DATA> directory path, where the certificate is exported, for example,
C:\Program Files\IBM\WebSphere\AppServer\products\sklm\data. For the definition
of <SKLM_DATA>, see Definitions for HOME and other directory variables.
Click Browse to specify a location under <SKLM_DATA> directory.
- Select either BASE64 (default
format) or DER (Distinguished
Encoding Rules) encoded file format for the certificate.
- Click Export
Certificate.
- Command-line interface:
Type
tklmCertExport
to
export a certificate file. For example:
print AdminTask.tklmCertExport
('[-uuid CERTIFICATE-61f8e7ca-62aa-47d5-a915–8adbfbdca9de
-format DER -fileName d:\\mypath\\mycertfilename.der]')
For
more information about
tklmCertExport command,
see
tklmCertExport.
- REST interface:
- Obtain a unique user authentication identifier
to access IBM Security Key Lifecycle Manager REST
services. For more information about the authentication process, see Authentication process for REST services.
- To start Certificate Export REST Service, send
the HTTP PUT request. Pass the user authentication identifier that
you obtained in
Step a
along with the request message
as shown in the following example.PUT https://localhost:<port>/SKLM/rest/v1/certificates/export
Content-Type: application/json
Accept: application/json
Authorization: SKLMAuth userAuthId=139aeh34567m
{"uuid":"CERTIFICATE-61f8e7ca-62aa-47d5-a915–8adbfbdca9de",
"format":"DER",
"fileName":"/mycertificate.der"}
For more information about Certificate
Export REST Service, see Certificate Export REST Service.