Save a Client Certificate

Save a certificate so that it can be used by the OKM command line utility to authenticate itself as a valid OKM user.

Save the client certificate in either PEM format or PKCS#12 format. Save a certificate in PEM format to use it for Command Line Interface (CLI) operations. A file in PEM format contains the certificate and the unencrypted private key. A file in PKCS#12 format is encrypted. You can convert PKCS#12 format to PEM format if needed (see Convert PKCS#12 Format to PEM Format).

Note: Store these certificate files in a secure location with sufficient permissions to restrict access by other users.

  1. From the System menu, select Save Certificates.

    The Save Certificates dialog box is displayed, with automatically-generated filenames for the Root CA Certificate and the Client Certificates. You can edit these filenames directly or click Browse to select a different destination path or edit the filenames.

  2. In the Format field, select the format that the certificate should be in when it is exported.
  3. If you selected the PKCS#12 format, type a passphrase in the Passphrase field to use for encryption and retype this passphrase in the Confirm Passphrase field.
  4. Click OK to export these certificates. When these certificates have been exported, a message is displayed, indicating the locations of these files.
  5. You can use the openssl utility to view the contents of the downloaded certificate. For example:
    openssl x509 -text -noout -in ca.crt

Convert PKCS#12 Format to PEM Format

Use the openssl utility to convert a certificate saved in PKCS#12 format to PEM format. PEM format is used by the OKM command line utility.

  1. Locate the openssl utility in the directory where the OpenSSL distribution is installed on your workstation.
  2. Use the following syntax:
    openssl pkcs12 -in PKCS12file -out PEMfile -nodes

    For example:

    openssl pkcs12 -in KeyTransferOperator.p12 \
    -out KeyTransferOperator.pem -nodes
    Enter Import Password: 
    

    The -nodes argument is necessary to export the private key without encrypting it. Because the private key in the resulting PEM file is not password protected, manage this file appropriately. If required, the Import Password can be specified on the command line using the -passin parameter.
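
The following is an added example, not part of the OKM documentation. It combines the note about restrictive file permissions with the -nodes conversion: the PEM file is created owner-only, and a saved PEM file is audited for an unencrypted key that group or other users can access. The function names and the passphrase file pass.txt are hypothetical.

```shell
#!/bin/sh
# Added example (not from the OKM documentation). Function names are hypothetical.

# Convert PKCS#12 to PEM with the output created owner-only from the start.
# $1 = PKCS#12 file, $2 = PEM file to write, $3 = file holding the import passphrase
p12_to_pem() (
    umask 077    # subshell body: the umask change does not leak to the caller
    # -passin file: keeps the passphrase out of the process list and shell history
    openssl pkcs12 -in "$1" -out "$2" -nodes -passin "file:$3"
)

# Classify what kind of private key, if any, a PEM file holds.
pem_key_state() {
    if grep -Eq -e '^-----BEGIN (RSA |EC )?PRIVATE KEY-----' "$1" &&
       ! grep -q -e '^Proc-Type: 4,ENCRYPTED' "$1"; then
        echo plain-key        # what -nodes produces
    elif grep -q -e '^-----BEGIN ENCRYPTED PRIVATE KEY-----' "$1" ||
         grep -q -e '^Proc-Type: 4,ENCRYPTED' "$1"; then
        echo encrypted-key
    else
        echo no-key           # certificate only, for example the root CA file
    fi
}

# Print "<verdict> <key state> <file>"; return 1 when an unencrypted key is
# accessible to group or other, 2 when the file is missing, 0 otherwise.
audit_pem() {
    [ -f "$1" ] || { echo "MISSING - $1"; return 2; }
    state=$(pem_key_state "$1")
    others=$(ls -ld -- "$1" | cut -c5-10)    # group and other permission bits
    if [ "$state" = plain-key ] && [ "$others" != "------" ]; then
        echo "EXPOSED $state $1"
        return 1
    fi
    echo "OK $state $1"
}

# Usage (pass.txt is a hypothetical owner-only file containing the passphrase):
#   p12_to_pem KeyTransferOperator.p12 KeyTransferOperator.pem pass.txt
#   audit_pem KeyTransferOperator.pem
```
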