10.2. Exporting Keys from a Software Database

Ideally, the keys for the master instance are exported when the instance is first created. If the keys were not exported then or if the backup file is lost, then it is possible to extract the keys from the internal software database for the subsystem instance using the PKCS12Export command. For example:
PKCS12Export -debug -d /var/lib/instance_name/alias -w p12pwd.txt -p internal.txt -o master.p12
The PKCS#12 file (in this example, master.p12) can then be copied to the clone instance's alias/ directory and imported during the clone configuration.

NOTE

Keys and certificates do not need to be exported from an HSM, so long as the clone instance is installed using the same HSM as the master. If both instances use the same key store, then the keys are naturally available to the clone.