Red Hat CERTIFICATE SYSTEM 8.0 - ADMINISTRATION Admin Manual page 96

Chapter 3. Setting up Key Archival and Recovery
a. Open the DRM's agent services page, and click the Recover Keys link. Search for the key by
the key owner, serial number, or public key. If the key has been archived successfully, the key
information will be shown.
b. Click Recover.
c. In the form that appears, enter the the PKCS #12 password which encrypts the PKCS #12
package and the base-64 encoded certificate that corresponds to the private key to recover;
use the CA to get this information. If the archived key was searched for by providing the
base-64 encoded certificate, then the certificate does not have to be supplied here.
d. The next screen returns a key recovery authorization number and a link to verify the status of
this key recovery initiation request. This page keeps refreshing until all agents have completed
authorizing the recovery request. It is important not to close this browser window.
Depending on the agent scheme, a specified number of agents must authorize this key
recovery. Send this key recovery request authorization number to each of those agents. Once
the agents receive this key recovery authorization number, they can authorize this request by
going to the DRM agent services page and clicking the Authorize Recovery link.
e. Once all the agents have authorized the recovery, the next screen returns a link to download a
PKCS #12 blob containing the recovered key pair. Follow the link, and save the blob to file.
9. Restore the key to the browser's database. Import the .p12 file into the browser and mail client.
10. Open the test email. The message should be shown again.
74