Steps for recovering a certificate whose keys were generated by PKI Services

Before you begin

You need to know the email address you used when you requested the certificate. You also should know the passphrase you entered on the certificate request. However, if you have forgotten the passphrase, and your company has implemented security questions, and you answered the security questions when you requested the certificate, you can provide those answers instead of the passphrase.

About this task

Perform the following steps to recover a certificate whose keys were generated by PKI Services.

Procedure

On the PKI Services home page (see Figure 1), click Recover Certificate. A window similar to the one shown in Figure 1 opens.
Figure 1. Web page to recover a certificate

_______________________________________________________________
On the "Recover previously issued certificate" window, take one of the following actions:
1. If you remember the passphrase you used when you requested the certificate that you want to recover, enter the passphrase and the email address you used when you requested the certificate and click Recover Certificate.
2. If you have forgotten the passphrase you used, click Click here if you forget the pass phrase. A Web page similar to the one shown in Figure 2 is displayed. Enter the email address you used when you requested the certificate and the answers to the security questions, and click Recover Certificate.
  Figure 2. Web page requesting answers to security questions when you have forgotten the passphrase
The Web page shown in Figure 3 is displayed listing the certificates that you can recover, and an email with links to those certificates is sent to your email address.
Figure 3. Web page listing certificates that can be recovered
Click Show Pass phrase to find out the pass phrase for the certificate you want to recover, if you have forgotten it. You will need it to recover the certificate. The passphrase is displayed as shown in Figure 4. Click Hide Pass phrase to hide the passphrase again.
Figure 4. Web page showing the passphrase for a certificate to be recovered

_______________________________________________________________

Open the email you were sent. Figure 5 shows a sample email that lists one certificate eligible for recovery. Click on the link for the certificate that you want to recover.

Figure 5. Sample email that lists certificates that can be recovered

Attention - Please do not reply to this message as it was automatically sent by
a service machine.

Dear lewallen@us.ibm.com,

Here is a list of certificate(s) that satisfy your searching criteria for
recovery:
0000000000000008 : CN=Nancy Lewallen,OU=Class 1 Internet Certificate CA,O=The Firm

Please choose the certificate you want and visit the corresponding link to
retrieve it (you can identify the certificate by the serial number from the
part of the link between '?' and '&')

https://www.dimeocert.com/Customers/ssl-cgi-in/caretrieve.rexx?SerialNo=0000000000000008
&KeyID=2FBE1B1AC36F63C712AB6F5B829681549FD2095E

You will need to input your pass phrase that you entered when you submitted the
request.

_______________________________________________________________

The link takes you to the Web page shown in Figure 6.
Figure 6. Web page to retrieve a recovered certificate
Fill in the email address and passphrase you used on the original certificate request, and click Retrieve Certificate.
_______________________________________________________________
A window opens asking whether you want to open or save the PKCS #12 package containing the certificate and private key. This window is shown in Figure 7.
Figure 7. Window asking whether to open or save the PKCS #12 package
Click Open to invoke the Certificate Import Wizard to copy the certificate to a certificate store. Click Save to save the PKCS #12 package in a file.
_______________________________________________________________

Results

When you are done, you have recovered your PKI generated key certificate.