Applies to
All Versions
Summary
Occasionally, the option to download a certificate in PKCS#12 format is unavailable for download. There are a couple reasons why this might be the case.
More Info
- Private Key is not stored in TPP. A private key is required to download a PKCS#12 format certificate. If a CSR was generated outside of TPP and then uploaded (also know as a "User Generated" CSR), then the private key will not be in TPP and the format will be unavailable for download. This can be confirmed by:
- Select Inventory > Certificates
- Filter certificates and locate the certificate in question to download
- Click the "Show All Properties" button to expand a list of all properties for the certificate.
- Scroll to the bottom. On the left, there will be indicated one of two statuses. Either: "Private Key Stored: StoredInSoftware" or "Private Key Stored: NotStored". If it says the latter, the private key is missing.
- Granted Permissions are insufficient. Another reason that the PKCS#12 format might not be available is that the private key is stored in TPP, but the user trying to download the certificate does not have permissions to read the key. TPP will treat this scenario the same as though the private key is not stored. To correct:
- Make sure you have the ability to modify user permissions on objects
- Navigate to the certificate in question in the Policy Tree or Inventory > Certificates
- In the Policy Tree, change to the General > Permissions tab. When viewing the cert in the Certificate Inventory, change to Permissions.
- Grant the user who is trying to download the cert the "Private Key Read" permission
- Verify that the user can now download the certificate in PKCS#12 format
Comments