Recover User keypair

Enabling KRS (Key Recovery Service) while creating a certificate profile allows users to recover the keypair for the certificates. This is a useful feature for organizations that need to be able to recover the keypair for their certificates in the event of a disaster or other incident.

Recover

When Is KRS Enabled is selected in the certificate profile, officers can recover keys using two different modes for user certificates.

PFX with New Password
PFX with Old Password.

Select a search criteria from the dropdown box on the left. The following search criteria are available:

Serial Number – the serial number of the user certificate
Common Name – the common name (CN) of the user certificate
Issuer Name – the CN of the issuer (= CA) of the user certificate
Status – the state of the certificate
Subscriber Id – the subscriber ID used to create the user certificate

For all search criteria, except Issuer Name and Status, enter the search value in the right field. For Issuer Name, a dropdown box with existing CA names is provided.

For Status, the right field changes to the following dropdown box:

After inserting the search value or selecting the status filter, click Search to filter for all matching user certificates.

Here's an example of a filter that specifically applies to the "Active" status:

View

Click on to view the user certificate details:

Download

Click on to download the user certificate as

DER-encoded X.509 certificate (.cer)
Base64-encoded X.509 certificate (.cer)
Cryptographic Message Syntax Standard PKCS#7 certificate (.p7b)

Select the export format of your choice and click Download to start the download of the user certificate. The user certificate will be downloaded to the standard download location of your OS.

Recover

Click on icon to start the recovery dialog:

By default, "Keystore with new password" will be selected and you will be prompted to insert a new password.

Enter the new user certificate password in the New Password field. You can view the password policy by hovering over it.

While "Keystore with old password" will not prompt for a new password but will generate the new user certificate with the old password again.

Press "Authenticate" after confirming and using your Officer token.

To generate a new user certificate key, simply click on the "Recover key" button.

PreviousManage OCSP Certificates NextReports

Last updated 8 months ago