trilawney

Reputation: 1792

How to export certificate from DataPower appliance?

While exporting the multi protocol gateway from DataPower, the certificates aren't getting exported. Is there a way by which the certificates from the DataPower appliance can be extracted?

Upvotes: 1

Views: 8109

Answers (4)

Vaibhav Padole

Reputation: 21

Yes, to do this you have to go to Administration > Miscellaneous > Crypto Tools, then navigate to the Export Crypto Object tab.

In the Object Name property, just provide the name of the Crypto Certificate Object that is referring to the certificate in the cert: you want to export.

In the Output File Name property, specify any name followed by .xml (hold that thought, we are still in the middle of the process).

After clicking Export Crypto Object, a new file with the specified file name will be placed under the temporary: directory.

Now it is time for the trick… Open a text editor of your preference (XMLSpy, Notepad++, Notepad, Text Edit, etc.). Feed the first line of a new text file with the following content:

-----BEGIN CERTIFICATE-----

Open the .xml file that was created during the Export Crypto Object process. Copy the content that is under the element /crypto-export/certificate into your new text file in your local editor (see in bold):

<?xml version="1.0" encoding="utf-8"?>
<crypto-export version="1">
    <certificate version="1">MIIEYjCCA0qgAwIBAg[...]IQOHO9nj6QowsSATEWDs==</certificate>
</crypto-export>

Finish the work in your new text file with the content:

-----END CERTIFICATE-----

The final file should look similar to this:

-----BEGIN CERTIFICATE-----

MIIEYEBhMCVVMxCzAJBgNVBAgTAlRYMQ8wDQYDVQQHEwZBdXN0 jCCA0qgAwIBAgIISQOHO9nj6QowDQYJKoZIhvcNAQEFBQAwejE [...] aW4xEjAQBgNVBBAgIISQOHO9nj6QowDQYJKoZIhvcNAQEFBQAw ejELMAkGA1UW50ZWdyYXRpb24gVGVjaG5vbG9naWVzMRYwFAYD VQQDEw1zZ2EuYXZuZXWEWw==

-----END CERTIFICATE-----

Save the file using extension .cer, .pem, etc. Done! You have exported a certificate from DataPower under the cert: directory.

Before you ask, yes, DataPower is still safe and private keys cannot be exported following this method.

Upvotes: 2

bjimba

Reputation: 928

I've always thought it was rather stupid of DataPower to not distinguish between public keys (certificates) and private keys. There is really no good security reason to disallow exporting public certs.

There is a workaround. It's rather cumbersome, but it comes in handy. Let's say you have a public cert called cert:///my-public.cer and you need to export it.

  1. Create a DataPower Crypto Cert object that points to it, called CC-my-public.

  2. Go to Administration/Miscellaneous/Crypto Tools and select the tab Export Crypto Object.

  3. Select Certificate in Object Type (it's the only allowed selection), and type in CC-my-public in the Object Name and my-public-export.xml in the Output File name.

  4. Click Export Crypto Object button, and then Confirm.

There will now be a file in the temporary filesystem called temporary:///my-public-export.xml and it will contain a Base64-encoded copy of the certificate.

Upvotes: 4
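The manual copy-and-paste step from the two answers above can be scripted. This is an added example, not code from either answer: it reads the /crypto-export/certificate element of the exported file, checks that it holds Base64 that decodes to DER, and writes the PEM armor with 64-character lines. The function name export_xml_to_pem and the sample data are assumptions made for illustration; the sample bytes are a constructed placeholder, not a real certificate.

```python
import base64
import binascii
import xml.etree.ElementTree as ET

PEM_HEADER = "-----BEGIN CERTIFICATE-----"
PEM_FOOTER = "-----END CERTIFICATE-----"


def export_xml_to_pem(xml_bytes: bytes) -> str:
    """Convert a DataPower crypto-export XML document to a PEM certificate."""
    root = ET.fromstring(xml_bytes)
    if root.tag != "crypto-export":
        raise ValueError(f"unexpected root element: {root.tag!r}")
    node = root.find("certificate")
    if node is None or not (node.text or "").strip():
        raise ValueError("no /crypto-export/certificate element found")

    # Drop any whitespace or line breaks inside the Base64 text.
    b64 = "".join(node.text.split())
    try:
        der = base64.b64decode(b64, validate=True)
    except binascii.Error as exc:
        raise ValueError(f"certificate element is not valid Base64: {exc}") from exc

    # A DER-encoded certificate is an ASN.1 SEQUENCE, so it starts with 0x30.
    if not der.startswith(b"\x30"):
        raise ValueError("decoded data does not look like a DER certificate")

    # PEM bodies are Base64 wrapped at 64 characters per line.
    clean = base64.b64encode(der).decode("ascii")
    lines = [clean[i:i + 64] for i in range(0, len(clean), 64)]
    return "\n".join([PEM_HEADER, *lines, PEM_FOOTER]) + "\n"


# Constructed sample: placeholder bytes with a DER SEQUENCE header,
# not a real certificate.
SAMPLE_DER = b"\x30\x64" + bytes(range(100))
SAMPLE_XML = (
    b'<?xml version="1.0" encoding="utf-8"?>\n'
    b'<crypto-export version="1">\n'
    b'    <certificate version="1">' + base64.b64encode(SAMPLE_DER) + b"</certificate>\n"
    b"</crypto-export>\n"
)

if __name__ == "__main__":
    print(export_xml_to_pem(SAMPLE_XML), end="")
```

With a real export, pass the bytes of the file downloaded from temporary: and save the returned text with a .pem or .cer extension.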

ANIL KOLLA

Reputation: 1

You can't export files other than local. If you need something dummy, you can always create your own by typing "Crypto Tools" in search. The only mandatory field is "Common Name (CN)". I think you know the rest; it will create a file in cert: with extension -privkey.pem.

Thanks.

Upvotes: 0

Anders

Reputation: 3412

No, only through a Secure Backup (which is encrypted so you can't read it anyway).

Upvotes: 1
