Export a certificate to a file

This topic describes how to export a community or partner certificate to a file. The procedure for both is similar, except that for a community certificate you have the option of exporting the private key as well as the public key. This option does not apply to partner certificates, which only contain public keys.

After exporting a community certificate, you can send the file to your partners by email or other means.

For your partner, export a community certificate that contains your public key. Never give your partner a community certificate that contains your private key.

For yourself for backup purposes, you can export a community certificate that contains your private and public keys. If you do, keep this certificate in a secure place and never give it to anyone.

You can export a partner certificate and public key to a file to keep as a backup. If the partner certificate is deleted from the system, you can import the certificate again if needed.

Prerequisite tasks for PKCS #12 (.p12, .pfx) file export

For security reasons, the certificate export wizard of Activator Communities is not enabled by default for the export of PKCS #12 (.p12, .pfx) files.

In order to enable PFX file exports, you must do two things:

  1. Enable private key export in Activator.
  2. For any user except the admin user, provide express permission for the user to export private keys.

Task 1: Enable private key export in Activator

  1. On the machine where you installed Activator, go to: <Activator_install_directory>\Activator\conf\
  2. Open crossworks.properties in an editor.
  3. Set the property: privateKey.export.enable=true
  4. Save the file.
  5. Restart Activator. The permission for certificate export is visible only after privateKey.export.enable is set to "true" and Activator is restarted.

When you complete this task, the admin user can export private keys. For any other user, the permission must be explicitly given by using the following task.

Task 2: Provide permission to a user to export private keys

This task is not necessary for the admin user, who automatically acquires this permission on completion of task 1 above.

  1. In the Activator UI, from the menu bar select Users and roles > manage roles to open the User roles page.
  2. Locate the role of the user or users who should be allowed to export private keys. You can create a new role for this permission if necessary. Click the role to open the Change user role page.
  3. Locate the permission Manage trading configuration / Export private key from any certificate with a private key and click it to select it.
     Note: This permission is not available for selection unless you complete task 1 above.
  4. Click Save changes.
  5. You must now assign this role to each user responsible for exporting private keys.

Certificate export procedure

  1. In the community or partner area of the user interface, go to the summary page for the community or partner you want.
  2. Click Certificates on the navigation graphic at the top of the community or partner summary page to open the certificates page.
  3. Click the name of the certificate to export to open the certificate information page.
  4. Click Export this certificate to open the certificate export page. A partner certificate export page does not have the option for exporting a private key. (If you are starting from the certificates search page, the path to the export page is different. See Certificates search results page.)
  5. Select an export option. If you are exporting a community certificate for use by a partner, note that the DER and PKCS#7 options are functionally the same. However, the one to select depends primarily on what your partner’s trading engine supports.
     For trading between partners who both use Axway software, we recommend selecting PKCS#7 and the option to include all certificates in the certification path. Although this is the most all-inclusive choice, you can nevertheless choose DER instead with no adverse effects.
     The following explains the options in more detail. If you trade with partners who use interoperable software, we recommend that you determine whether their software supports DER, PKCS#7 or both.
    • DER encoded binary X.509 (.cer) – Select this option to export a binary file with an extension of cer. The file contains a single binary certificate containing a public key. If your partner’s software only supports DER encoded certificates, select this option.
    • Cryptographic Message Syntax Standard PKCS #7 (.p7b, .p7c) – Select this option to export a file with an extension of p7c. The file can contain all the certificates needed to support trading, if more than one is required. If your partner’s software supports a certificate in a PKCS#7 format, we recommend this option over DER. If you select this, you also can select Include all certificates in the certification path if possible. This option includes all certificates in the chain of trust for the certificate. This is the most all-inclusive method for exporting a certificate. However, be aware that your partner’s software, if not Axway, might not support the entire certificate path in the p7c file.
    • Personal Information Exchange PKCS #12 (.p12, .pfx) – This option is only available if you have performed prerequisite tasks. See Prerequisite tasks for PKCS #12 (.p12, .pfx) file export. Select this option to export a community certificate containing the private key, then provide and confirm a password.
      Caution: You should do this only if you can keep the certificate in a highly secure place. This option is available only for community certificates and not for partner certificates.
  6. Click Export certificate to display a file download dialog.
  7. Click Save to display the Save As dialog.
  8. Review the file name and path for the file you are exporting. If you want to change the path or name, you can navigate to a new folder or type a new file name.
  9. Click Save to export the certificate. The Certificate export page reappears.
  10. Click Close.
  11. If you exported a community certificate for a partner, send the certificate file to the partner by a secure means.
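
A check to run on an exported file before sending it to a partner, given here as an added example that is not part of the Activator product or its documentation. It classifies the file by its outer ASN.1 structure and passes only DER X.509 and PKCS#7 exports; PKCS #12 (the only export option on this page that carries the private key) and anything unrecognized are treated as not safe to send. The function names and the sample byte strings are constructed for illustration.

```python
import base64
import re
# DER content bytes of OID 1.2.840.113549.1.7.2 (PKCS #7 signedData)
OID_PKCS7_SIGNED_DATA = bytes.fromhex("2a864886f70d010702")
# Constructed samples: only the leading bytes of each format, not real exports.
SAMPLE_X509 = bytes.fromhex("3082030a308201f2a003020102")
SAMPLE_PKCS7 = bytes.fromhex("3082040006092a864886f70d010702a08203f1")
SAMPLE_PKCS12 = bytes.fromhex("308209c0020103308209863082")

def read_tlv(buf, pos):
    """Return (tag, content_start, content_end) of the DER element at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:                      # short-form length
        return tag, pos, pos + first
    n = first & 0x7F                      # long form: n length bytes follow
    if n == 0 or n > 4 or pos + n > len(buf):
        raise ValueError("unsupported or truncated DER length")
    return tag, pos + n, pos + n + int.from_bytes(buf[pos:pos + n], "big")

def to_der(data):
    """Decode a PEM block if present; otherwise assume the data is already DER."""
    m = re.search(rb"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", data, re.S)
    return base64.b64decode(m.group(2)) if m else data

def classify_export(data):
    """Classify by outer ASN.1 shape: x509-der, pkcs7, pkcs12, private-key, unknown."""
    if b"PRIVATE KEY-----" in data:       # PEM private key of any type
        return "private-key"
    try:
        der = to_der(data)
        tag, start, _ = read_tlv(der, 0)
        if tag != 0x30:                   # every format here is a SEQUENCE
            return "unknown"
        inner, istart, iend = read_tlv(der, start)
    except ValueError:                    # malformed base64 or truncated DER
        return "unknown"
    if inner == 0x30:                     # Certificate begins with tbsCertificate
        return "x509-der"
    if inner == 0x06 and der[istart:iend] == OID_PKCS7_SIGNED_DATA:
        return "pkcs7"
    if inner == 0x02 and der[istart:iend] == b"\x03":   # PFX version 3
        return "pkcs12"
    return "unknown"

def safe_to_send_to_partner(data):
    """Fail closed: only public-certificate formats may leave the organization."""
    return classify_export(data) in ("x509-der", "pkcs7")
```

To check a real export, pass the file's bytes, read in binary mode, to safe_to_send_to_partner.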
