[UNIX, Linux, Windows]

Extracting the public part of a self-signed certificate from a key repository on UNIX, Linux, and Windows

Follow this procedure to extract the public part of a self-signed certificate.

Using strmqikm

If you need to manage TLS certificates in a way that is FIPS compliant, use the runmqakm command. strmqikm (iKeyman) does not provide a FIPS-compliant option.

Perform the following steps on the machine from which you want to extract the public part of a self-signed certificate:

  1. Start the GUI using the strmqikm command (on UNIX, Linux®, and Windows ).
  2. From the Key Database File menu, click Open. The Open window opens.
  3. Click Key database type and select CMS (Certificate Management System).
  4. Click Browse to navigate to the directory that contains the key database files.
  5. Select the key database file from which you want to extract the certificate, for example key.kdb.
  6. Click OK. The Password Prompt window opens.
  7. Type the password you set when you created the key database and click OK. The name of your key database file is displayed in the File Name field.
  8. In the Key database content field, select Personal Certificates and select the certificate.
  9. Click Extract certificate. The Extract a Certificate to a File window opens.
  10. Select the Data type of the certificate, for example Base64-encoded ASCII data for a file with the .arm extension.
  11. Type the certificate file name and location where you want to store the certificate, or click Browse to select the name and location.
  12. Click OK. The certificate is written to the file you specified. Note that when you extract (rather than export) a certificate, only the public part of the certificate is included, so a password is not required.

Using the command line

Use the following commands to extract the public part of a self-signed certificate using runmqckm or runmqakm:
  • On UNIX, Linux, and Windows:
    runmqckm -cert -extract -db filename -pw password -label label -target filename
             -format ascii
    
  • Using runmqakm:
    runmqakm -cert -extract -db filename -pw password -label label
                -target filename -format ascii -fips
    
where: