IBM Support

How to use the Windows Certificate Export Wizard to export certificates in Base-64 encoded X.509 (.cer) format from a p7b formatted file.

Question & Answer


Question

How to use the Windows Certificate Export Wizard to export certificates in Base-64 encoded X.509 (.cer) format from a p7b formatted file so they can be used with the IBM HTTP Server

Cause

After generating a Certificate Signing Request (CSR) file using the ikeyman utility bundle with the IBM HTTP Server. You choose a Certificate Authority (CA) and follow the CA's instructions for sending them the "Certificate Request". In some cases, the Certificate Authority might provide the signed personal certificate and it's associated CA signer certificates in one p7b formatted file. To receive the personal certificate using the iKeyman utility, requires a Base-64 encoded X.509 (.cer) format, instead of the p7b format.

Answer

The Windows Certificate Export Wizard can be used as an easy way to export certificates in Base-64 encoded X.509 (.cer) format from a p7b formatted file.

From a Windows operating system platform, perform the following steps:

  1. Copy the chain.p7b file to a folder on a windows operating system disk drive.

  2. Double click on the chain.p7b file. A window explore split screen will display:



    Note: The sample screen shot shows the p7b file contain four certificates, this might vary from Certificate Authority (CA).

  3. On the left side it will show the chain.p7b file at C:\Certificate File directory location. Click on the + sign expanding to a folder call Certificates.

  4. Highlight the Certificates folder and on right side of the screen, you will see all the certificates chain that contains the chain.p7b file.

  5. To export the certificates follow these steps:
    1. Select the Top-level certificate. This is referred to as the Root or Intermediate certificates Authority; Select the certificate and right-click, select All Task > Export.

    2. A Windows Certificate Export Wizard will open. Click Next.

    3. Select the radio button Base-64 encoded x.509 (.CER) and then click Next.

    4. When prompted for a file name, enter a value and file location that you will use to identify the certificate that you are exporting, and then click Next.

    5. A summary window will appear. Click Finish.

    6. Repeat steps through until you have created .CER files for each certificate.

  6. Once all certificates are exported. Open the key.kdb key database file using iKeyman utility. Add the Root CA and Intermediate CA certificates in the signer certificate section. Then pursue on receiving the personal certificate in the personal certificate section.

For detailed instructions, review Receiving a CA-signed certificate.

[{"Product":{"code":"SSEQTJ","label":"IBM HTTP Server"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Component":"SSL","Platform":[{"code":"PF002","label":"AIX"},{"code":"PF010","label":"HP-UX"},{"code":"PF016","label":"Linux"},{"code":"PF027","label":"Solaris"},{"code":"PF033","label":"Windows"}],"Version":"8.5;8.0;7.0","Edition":"","Line of Business":{"code":"LOB45","label":"Automation"}}]

Document Information

Modified date:
07 September 2022

UID

swg21458997

Page Feedback