How to export the certificate private key from the end entity ? #583
Replies: 1 comment 4 replies
-
|
This all depends how you have enrolled for the certificate. If you uploaded a CSR to get the certificate, the CA has never seen the private key, and it was generated by your client, and you should get the file from where you generated the CSR. If you used "PEM" keystore type when issuing the certificate (but not key recovery enabled), the private key was generated by the CA and sent to the client, but not stored on the CA side. Same there, you can get the private key from the file you downloaded when issuing the certificate. Here's another quick start guide for issuing certificates. There are many different ways to do this, in order to fit many different use cases. |
Beta Was this translation helpful? Give feedback.
-
|
Hi and thanks for the rapid answer!
But then I am not able to perform the key recovery operation you mention. |
Beta Was this translation helpful? Give feedback.
-
|
If the enrollment was succesful, with a server generated keystore, and no error happened when storung the key recovery data, you should get a button to the left when viewing the certificate "Recover Key" |
Beta Was this translation helpful? Give feedback.
-
|
Check the server.log file when enrolling, the audit log will say when key recovery data is store. |
Beta Was this translation helpful? Give feedback.
-
|
Still not able to get the key. I'll start with a fresh installation and follow the tutorial you mentioned before. |
Beta Was this translation helpful? Give feedback.
-
Hello,
I have installed EJBCA CE version 8.2.0.1. I have created some end entity, and I need the PEM file and the KEY file to connect to a MQTT instance. The PEM file is available directly on the certificate page, how to export the KEY file ?
Beta Was this translation helpful? Give feedback.
All reactions