Before you begin
You need to know the email address you used when you requested
the certificate. You also should know the passphrase you entered on
the certificate request. However, if you have forgotten the passphrase,
and your company has implemented security questions, and you answered
the security questions when you requested the certificate, you can
provide those answers instead of the passphrase.
About this task
Perform the following steps to recover a certificate whose
keys were generated by PKI Services.
Procedure
- On the PKI Services home page (see Figure 1), click Recover
Certificate. A window similar to the one shown
in Figure 1 opens.
Figure 1. Web page to
recover a certificate
_______________________________________________________________
- On the "Recover previously issued
certificate" window, take one of the following actions:
- If you remember the passphrase you used when you requested
the certificate that you want to recover, enter the passphrase and
the email address you used when you requested the certificate and
click Recover Certificate.
- If you have forgotten the passphrase you used, click Click
here if you forget the pass phrase. A Web page similar
to the one shown in Figure 2 is displayed.
Enter the email address you used when you requested the certificate
and the answers to the security questions, and click Recover
Certificate.
Figure 2. Web page requesting answers to security questions
when you have forgotten the passphrase
- The Web page shown in Figure 3 is
displayed listing the certificates that you can recover, and an email
with links to those certificates is sent to your email address.
Figure 3. Web
page listing certificates that can be recovered
Click Show Pass phrase to
find out the pass phrase for the certificate you want to recover,
if you have forgotten it. You will need it to recover the certificate.
The passphrase is displayed as shown in Figure 4. Click Hide Pass
phrase to hide the passphrase again.Figure 4. Web page showing the passphrase
for a certificate to be recovered
_______________________________________________________________
- Open the email you were sent. Figure 5 shows a sample email
that lists one certificate eligible for recovery. Click on the link
for the certificate that you want to recover.
Figure 5. Sample
email that lists certificates that can be recoveredAttention - Please do not reply to this message as it was automatically sent by
a service machine.
Dear lewallen@us.ibm.com,
Here is a list of certificate(s) that satisfy your searching criteria for
recovery:
0000000000000008 : CN=Nancy Lewallen,OU=Class 1 Internet Certificate CA,O=The Firm
Please choose the certificate you want and visit the corresponding link to
retrieve it (you can identify the certificate by the serial number from the
part of the link between '?' and '&')
https://www.dimeocert.com/Customers/ssl-cgi-in/caretrieve.rexx?SerialNo=0000000000000008
&KeyID=2FBE1B1AC36F63C712AB6F5B829681549FD2095E
You will need to input your pass phrase that you entered when you submitted the
request.
_______________________________________________________________
- The link takes you to the Web page shown in Figure 6.
Figure 6. Web page
to retrieve a recovered certificate
Fill
in the email address and passphrase you used on the original certificate
request, and click Retrieve Certificate._______________________________________________________________
- A window opens asking whether you want to open or save
the PKCS #12 package containing the certificate and private key. This
window is shown in Figure 7.
Figure 7. Window
asking whether to open or save the PKCS #12 package
Click Open to
invoke the Certificate Import Wizard to copy the certificate to a
certificate store. Click Save to save the PKCS
#12 package in a file._______________________________________________________________
Results
When you are done, you have recovered your PKI generated
key certificate.