In the previous section, we imported the TLS CA certificate that signed the client and server TLS certificates into the Trusted Root Certification Authorities Windows Certificate Store. Then, we associated the signed Futurex EKM TLS client certificate with its corresponding private key stored in Windows Certificate Store. In this section, we will use the Export-PfxCertificate PowerShell cmdlet to export the TLS client PKI as a PKCS #12 file. In the next section, we will configure the PKCS #12 file inside the Futurex EKM configuration file (i.e., fxekm.cfg) and use it for the TLS connection to the Excrypt Port on the HSM.

Determine the thumbprint of the Futurex EKM certificate stored in Windows Certificate Store

To list certificates stored in the Local Machine store, run the following command in PowerShell:
Powershell
  Get-ChildItem -Path Cert:\LocalMachine\My
You should see output similar to the following:
Text
  Thumbprint                                            Subject
  ----------                                            ----------
  ADDCFB89CB1CAE80AB386007C200D7D31BAAFB14              CN=Futurex EKM
Copy the thumbprint value that you see to the clipboard.

Export the Futurex EKM client PKI using the Export-PfxCertificate PowerShell command

Run the command below, substituting “YOUR_CERTIFICATE_THUMBPRINT_HERE” and “YOUR_PASSWORD_HERE” with the actual thumbprint and password values.
Powershell
  Export-PfxCertificate -Cert "Cert:\LocalMachine\My\YOUR_CERTIFICATE_THUMBPRINT_HERE" -FilePath "ClientPKI.p12" -Password (ConvertTo-SecureString -String "YOUR_PASSWORD_HERE" -Force -AsPlainText)
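
The same export with pre-flight and post-export checks, as an added example that is not part of Futurex's documentation: it confirms the certificate has a private key, prompts for the password so the plaintext does not appear on the command line or in PSReadLine history, and reads the file back with Get-PfxData to confirm the thumbprint. The subject filter `CN=Futurex EKM` is taken from the sample output above; the variable names and output location are assumptions.

```powershell
# Added example, not Futurex's script. Run in an elevated PowerShell session.
# Assumptions: the subject matches the sample output above; the output path
# is the current directory, as in the one-line command.
$subject = 'CN=Futurex EKM'
$outFile = Join-Path (Get-Location) 'ClientPKI.p12'

# Select the certificate by subject instead of pasting the thumbprint.
$found = @(Get-ChildItem -Path Cert:\LocalMachine\My |
    Where-Object { $_.Subject -eq $subject })
if ($found.Count -ne 1) {
    throw "Expected exactly one certificate with subject '$subject', found $($found.Count)."
}
$cert = $found[0]

# A PKCS #12 client identity needs the private key; fail early if it is missing.
if (-not $cert.HasPrivateKey) {
    throw "Certificate $($cert.Thumbprint) has no associated private key."
}
if ($cert.NotAfter -lt (Get-Date)) {
    throw "Certificate $($cert.Thumbprint) expired on $($cert.NotAfter)."
}

# Prompt for the password as a SecureString rather than typing it inline.
$password = Read-Host -Prompt 'PKCS #12 password' -AsSecureString

# -ErrorAction Stop turns a failed export (for example, a key that was
# imported as non-exportable) into a terminating error.
Export-PfxCertificate -Cert $cert -FilePath $outFile -Password $password `
    -ErrorAction Stop | Out-Null

# Round-trip check: open the file with the same password and compare thumbprints.
$pfx = Get-PfxData -FilePath $outFile -Password $password -ErrorAction Stop
$exported = $pfx.EndEntityCertificates | Select-Object -First 1
if ($exported.Thumbprint -ne $cert.Thumbprint) {
    throw "Exported file does not contain certificate $($cert.Thumbprint)."
}
"Exported $($cert.Subject) [$($cert.Thumbprint)] to $outFile"
```

The resulting file holds the client private key, so store it where only the account that reads fxekm.cfg can access it.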