Extracting and downloading PEM contents into separate files

You can avoid having to manually extract PEM contents—the sections that contain the private key and root chain—following a certificate download. Trust Protection Platform can do that for you and then package them up into a zip file for downloading.

When you enable the Extract PEM content into separate files option, the resulting download appears as a single zip file that contains certificate, key and root chain files (depending on which ones you specify):

  • Certificate (.crt)
  • (Optional) Chain Certificates (-chain.pem)
  • (Optional) Private Key (.key)

Root chains are included in the zip file in two ways:

  • As individual PEM files, one for each CA certificate, and

  • As a single PEM formatted chain bundle file that includes all of the CA certificates concatenated together in the chain order that you specify and without any extra comments or text.

    The file name is based on the CN of the certificate with -chain.pem added as the suffix.file_extension.

    NOTE  The chain does not include the subject/issuer informational headers that are included when the certificate and chain are downloaded together in the same PEM file.

To extract and download PEM contents as separated files

  1. From the TLS Protect menu bar, click click Inventory > Certificates.

    TIP  You can also access the Download option from a specific certificate's Details page.

  2. In the certificate list, find the certificate you want to download.

  3. Choose one of the following:

    • From the certificate list, click Download using the action button.

    • Click the certificate's Nickname to open its details page, and then click > Download.

  1. In the Download box, click Format and select one of the available PEM formats from the list.

    • PEM (PKCS#8)
    • PEM (OpenSSL)
  2. (Optional)Select one or both of the following components to include in the download:

    1. Root Chain

    2. Private Key

  3. (Conditional) If you selected Root Chain in the previous step, then specify the order in which you want all of the concatenated CA certificates included by selecting either End Entity First or Root First from the Chain Order list.

  4. In the Password field, type a new password (and then type it again in the Confirm Password field to verify).

    Create a strong password by using a

    • minimum of 12 characters
    • combination of at least three of the following:
      • one or more lowercase letters
      • one or more uppercase letters
      • one or more numbers
      • one or more special characters

  5. Select the Extract PEM content into separate files check box, and then click Download.