Previous Topic: Obtain Certificates Directly Though a Certificate Authority (CA)Next Topic: Enable SSL Between CA Advanced Authentication and CA Risk Authentication Case Management Server

CA Risk Authentication Administration GuideConfigure SSLPrepare for SSL CommunicationObtain Certificates Directly Though a Certificate Authority (CA)Download Certificates

Download Certificates

The certificates that you requested through Microsoft CA 2008 are installed in the browser store, from where you have to download them. The format in which you have to download the certificate depends on the encryption mode:

In PKCS#12 Format

To download the certificate and private key to a PKCS#12 file by using Microsoft CA 2008:

  1. Open an Internet Explorer window.
  2. Navigate to Tools and then Internet Options.

    The Internet Options dialog box appears.

  3. Activate the Content tab, in the Certificates section click Certificates.

    The Certificates dialog box appears.

  4. Select the certificate that you want to download and click Export.

    The Certificate Export Wizard appears.

  5. Click Next on the Welcome screen.
  6. Choose Yes, export the private key option, and click Next.
  7. Ensure that the Personal Information Exchange - PKCS # 12 (.PFX) option is selected.
  8. Select Enable Strong Protection option, and click Next.
  9. Enter the password for the PKCS#12 (.PFX) file in the Password and Confirm password fields, and click Next.
  10. Enter the File name with which you want to download the PKCS#12 (.PFX) file and click Next.
  11. Click Finish to complete the wizard.

    The certificate and private key are now available on your system in the specified location.

In PEM Format

You cannot directly export the certificate in .PEM format from the browser certificate store. As a result, you must first download it in .DER format (by using Microsoft CA 2008) and then convert to .PEM as follows:

  1. Open an Internet Explorer window.
  2. Navigate to Tools and then Internet Options.

    The Internet Options dialog box appears.

  3. Activate the Content tab, in the Certificates section click Certificates.

    The Certificates dialog box appears.

  4. Select the certificate that you want to download and click Export.

    The Certificate Export Wizard appears.

  5. Click Next on the Welcome screen.
  6. Choose No, do not export the private key option and then Next.
  7. Ensure that the DER encoded binary X.509 (.CER) option is selected.
  8. Click Next.
  9. Enter the File name with which you want to download the certificate, and click Next.
  10. Click Finish to complete the wizard.

    The certificate is now available on your system in the specified location.

  11. Convert DER to PEM format.

    To convert the certificate from DER to PEM format, you can use open source tools such as OpenSSL. Use the following command to convert using OpenSSL tool:

    openssl x509 -inform der -in <certificate>.cer -out <certificate>.pem