Exporting a personal certificate from a key repository

Follow this procedure to export a personal certificate.

Using iKeyman

If you need to manage SSL certificates in a way that is FIPS compliant, use the runmqakm command. iKeyman does not provide a FIPS-compliant option.

Perform the following steps on the machine from which you want to export the personal certificate:

  1. Start the iKeyman GUI using the strmqikm command (on Windows, UNIX and Linux®).
  2. From the Key Database File menu, click Open. The Open window opens.
  3. Click Key database type and select CMS (Certificate Management System).
  4. Click Browse to navigate to the directory that contains the key database files.
  5. Select the key database file from which you want to export the certificate, for example key.kdb.
  6. Click Open. The Password Prompt window opens.
  7. Type the password you set when you created the key database and click OK. The name of your key database file is displayed in the File Name field.
  8. In the Key database content field, select Personal Certificates and select the certificate you want to export.
  9. Click Export/Import. The Export/Import key window opens.
  10. Select Export Key.
  11. Select the Key file type of the certificate you want to export, for example PKCS12.
  12. Type the file name and location to which you want to export the certificate, or click Browse to select the name and location.
  13. Click OK. The Password Prompt window opens. Note that when you export (rather than extract) a certificate, both the public and private parts of the certificate are included. This is why the exported file is protected by a password. When you extract a certificate, only the public part of the certificate is included, so a password is not required.
  14. Type a password in the Password field, and type it again in the Confirm Password field.
  15. Click OK. The certificate is exported to the file you specified.

Using the command line

Use the following commands to export a personal certificate using iKeycmd:
  • On UNIX, Linux and Windows:
    
    runmqckm -cert -export -db filename -pw password -label label -type cms
            -target filename -target_pw password -target_type pkcs12
    

where:
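Because an exported file holds the private key as well as the public part, it should be created readable by its owner only and should never silently replace an existing file. The following wrapper around the runmqckm export command above is an added example, not IBM-supplied code; the names KEYCMD, DB_PW, TARGET_PW and export_personal_cert are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example, not IBM-supplied code. KEYCMD, DB_PW and TARGET_PW are
# names assumed for this sketch; the argument list is the page's command.
KEYCMD="${KEYCMD:-runmqckm}"

# export_personal_cert DB LABEL TARGET
# Returns 0 on success, 2 on bad input, 3 if TARGET already exists,
# 4 if the export command fails, 5 if TARGET cannot be locked down.
export_personal_cert() {
    db=$1; label=$2; target=$3

    if [ ! -f "$db" ] || [ -z "$label" ] || [ -z "$target" ]; then
        echo "usage: export_personal_cert key.kdb label target.p12" >&2
        return 2
    fi
    # Passwords come from the environment so they are not typed into
    # shell history. They are still passed to the tool as -pw and
    # -target_pw arguments, as the page's command requires.
    if [ -z "${DB_PW:-}" ] || [ -z "${TARGET_PW:-}" ]; then
        echo "set DB_PW and TARGET_PW first" >&2
        return 2
    fi
    # Never replace an existing key file without an explicit decision.
    if [ -e "$target" ]; then
        echo "refusing to overwrite $target" >&2
        return 3
    fi

    # umask 077 in a subshell: the file is created owner-only from the
    # start, and the caller's umask is left unchanged.
    (
        umask 077
        "$KEYCMD" -cert -export -db "$db" -pw "$DB_PW" -label "$label" \
            -type cms -target "$target" -target_pw "$TARGET_PW" \
            -target_type pkcs12
    ) || return 4

    # Enforce owner-only access even if the tool set wider permissions.
    [ -f "$target" ] || return 5
    chmod 600 "$target" || return 5
    return 0
}
```

Call it as export_personal_cert key.kdb label target.p12 after setting DB_PW and TARGET_PW in the environment.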