Non-IBM Disclaimer

The postings on this site are my own and don't necessarily represent IBM's positions, strategies or opinions.

Friday, November 20, 2015

How to download certificates from DataPower to your desktop

Following a conversation on the DataPower developerWorks forum, I decided to write a dedicated post on my blog.

DataPower is a highly secured device. Until recently I was under the impression that once a digital certificate was uploaded to DataPower, it could not be downloaded. Boy, I was wrong. The following section is a step-by-step guide to downloading certificates from a DataPower appliance:


  1. Log into the WebGUI.
  2. Create a new Certificate object, name it "FOO_Cert", and point it at a certificate file in the cert: or sharedcert: folder.
  3. Go to "Crypto Tools" and switch to the "Export Crypto Object" tab.
  4. In the "Object Type" combo make sure "Certificate" is selected.
  5. In "Object Name" type "FOO_Cert", the Certificate object created in step 2.
  6. In "Output File Name" type FOO_Cert.xml.
  7. Click the "Export Crypto Object" button.
  8. Go to File Management and download FOO_Cert.xml from the temporary: folder.
  9. Remove all XML tags, leave only the base64 part, and save the file. Base64-decoding it gives the certificate back; if what comes out is DER rather than PEM text, wrap the base64 in "-----BEGIN CERTIFICATE-----" / "-----END CERTIFICATE-----" lines to get a PEM file.
  10. The certificate is in the file!

Tested on the IDG Virtual Edition, an XI52 physical appliance, and other appliances. Not tested on appliances with Common Criteria mode enabled.

The same export can be driven through the SOMA (XML Management Interface) API, and in one of my projects we built a GUI for downloading certificates from DataPower.
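The script below is an added example, not the post's own code and not anything shipped by IBM. It covers both halves of the post: step 9 of the WebGUI procedure (turning the exported XML into a usable PEM file, including the DER-versus-PEM caveat) and the SOMA route (building the CryptoExport do-action and the get-file request, and decoding the get-file response). The element names inside the sample export, the exact shape of the CryptoExport do-action and the dp:file response are assumptions from my reading of the XML Management Interface schema (xml-mgmt.xsd in store:) and should be checked against your firmware level; the sample export and response are constructed so the script runs offline, with a five-byte DER stub standing in for a real certificate.

```python
"""Added example (not the post's own code): turn a DataPower 'Export Crypto
Object' file into a PEM certificate, and build the SOMA requests for the same
export. Element names in the sample export, the CryptoExport do-action and the
dp:file response are assumptions from xml-mgmt.xsd; verify on your firmware."""
import base64
import re
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape

XMI_NS = "http://www.datapower.com/schemas/management"
SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"
B64_RE = re.compile(r"^[A-Za-z0-9+/]+={0,2}$")

# Constructed sample data so this runs offline: FAKE_DER is the minimal DER
# SEQUENCE {INTEGER 5}; a real export carries a full X.509 certificate.
FAKE_DER = bytes.fromhex("3003020105")
SAMPLE_B64 = base64.b64encode(FAKE_DER).decode("ascii")  # "MAMCAQU="
PEM_TEXT = "-----BEGIN CERTIFICATE-----\nMAMCAQU=\n-----END CERTIFICATE-----\n"
SAMPLE_PEM_B64 = base64.b64encode(PEM_TEXT.encode("ascii")).decode("ascii")
SAMPLE_EXPORT = (  # assumed element names; extract_base64() does not depend on them
    '<crypto-export>\n  <certificate name="FOO_Cert">\n'
    f"    <value>{SAMPLE_B64}</value>\n  </certificate>\n</crypto-export>\n"
)
SAMPLE_GET_FILE_RESPONSE = (  # assumed: dp:get-file returns the file base64-encoded
    f'<env:Envelope xmlns:env="{SOAP_NS}"><env:Body><dp:response xmlns:dp="{XMI_NS}">'
    "<dp:timestamp>2015-11-20T10:00:00+02:00</dp:timestamp>"
    '<dp:file name="temporary:///FOO_Cert.xml">'
    f'{base64.b64encode(SAMPLE_EXPORT.encode("ascii")).decode("ascii")}</dp:file>'
    "</dp:response></env:Body></env:Envelope>"
)


def der_total_length(data: bytes) -> int:
    """Length of the outer DER SEQUENCE; raises unless `data` is exactly one.
    A cheap check that we decoded DER and not, say, a second layer of base64."""
    if len(data) < 2 or data[0] != 0x30:
        raise ValueError("not a DER SEQUENCE")
    if data[1] < 0x80:                       # short-form length
        header, length = 2, data[1]
    else:                                    # long-form: 0x8N then N length bytes
        n = data[1] & 0x7F
        if n == 0 or len(data) < 2 + n:
            raise ValueError("bad DER length")
        header, length = 2 + n, int.from_bytes(data[2:2 + n], "big")
    if header + length != len(data):
        raise ValueError(f"DER length {header + length} != {len(data)} bytes")
    return header + length


def extract_base64(export_xml: str) -> str:
    """Step 9 of the post, done with a parser: keep the longest base64 text node."""
    blobs = ["".join((el.text or "").split()) for el in ET.fromstring(export_xml).iter()]
    blobs = [b for b in blobs if len(b) >= 8 and B64_RE.match(b)]
    if not blobs:
        raise ValueError("no base64 payload found in export file")
    return max(blobs, key=len)


def to_pem(b64: str) -> str:
    """Normalise to PEM: the decoded blob is either already a PEM file or DER."""
    raw = base64.b64decode("".join(b64.split()), validate=True)
    if raw.startswith(b"-----BEGIN "):
        return raw.decode("ascii")
    der_total_length(raw)                    # anything else must be well-formed DER
    body = base64.b64encode(raw).decode("ascii")
    lines = [body[i:i + 64] for i in range(0, len(body), 64)]
    return "-----BEGIN CERTIFICATE-----\n" + "\n".join(lines) + "\n-----END CERTIFICATE-----\n"


def soma_envelope(domain: str, body: str) -> str:
    return (f'<env:Envelope xmlns:env="{SOAP_NS}" xmlns:dp="{XMI_NS}"><env:Body>'
            f'<dp:request domain="{escape(domain)}">{body}</dp:request>'
            "</env:Body></env:Envelope>")


def crypto_export_request(object_name: str, output_file: str,
                          domain: str = "default", object_type: str = "cert") -> str:
    """SOMA do-action equivalent of the 'Export Crypto Object' WebGUI tab (assumed shape)."""
    return soma_envelope(domain, (
        f"<dp:do-action><CryptoExport><ObjectType>{escape(object_type)}</ObjectType>"
        f"<ObjectName>{escape(object_name)}</ObjectName>"
        f"<OutputFilename>{escape(output_file)}</OutputFilename>"
        "</CryptoExport></dp:do-action>"))


def get_file_request(path: str, domain: str = "default") -> str:
    """SOMA equivalent of the File Management download."""
    return soma_envelope(domain, f'<dp:get-file name="{escape(path)}"/>')


def decode_get_file_response(response_xml: str) -> bytes:
    node = ET.fromstring(response_xml).find(f".//{{{XMI_NS}}}file")
    if node is None or not node.text:
        raise ValueError("no dp:file in response: wrong path, domain or permissions?")
    return base64.b64decode("".join(node.text.split()))


if __name__ == "__main__":
    # Offline walk-through. Against a live appliance, POST the two requests with
    # HTTP basic auth to https://<appliance>:5550/service/mgmt/current.
    print(crypto_export_request("FOO_Cert", "FOO_Cert.xml"))
    export_file = decode_get_file_response(SAMPLE_GET_FILE_RESPONSE).decode("ascii")
    print(to_pem(extract_base64(export_file)))
```

Two design points: `extract_base64` walks the parsed tree instead of regex-stripping tags, so stray whitespace or an extra wrapper element does not corrupt the payload, and `to_pem` refuses anything that is neither PEM text nor a single well-formed DER SEQUENCE, which catches the common mistake of saving the export with one layer of base64 too many. Names passed to the SOMA builders are XML-escaped, since object and file names are operator input that ends up inside a management request.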

It is important to state that this does not make DataPower vulnerable: certificates and public keys are public data by design, so there is nothing wrong with them being retrievable, and one still needs valid credentials with access to the domain to log into the appliance in the first place. This path returns certificate objects only; it is not a way to pull a private key out of the appliance in the clear.


Feel free to reach out with any questions.

Gosha
