How can I export WebTier SSL Key from webtier server/s?
I've moved your question to the RSA SecurID Access space where it will be seen by the product's support engineers, other customers and partners. Please bookmark this page and use it when you have product-specific questions.
Alternatively, from the RSA Support page, click on Ask A Question on the blue navigation bar and choose Ask A Product Related Question. From there, scroll to RSA SecurID Access and click Ask A Question. That way your question will appear in the correct space.
Here is one easy way
1) On command line of Primary AM server (not the web tier itself)
./rsautil manage-secrets -a listall
to get the passwords needed to manipulate the keystore
and make note of two passwords:
a) SSL Server Identity Certificate Keystore File Password
b) SSL Server Identity Certificate Private Key Password
2) Get a copy of /opt/rsa/am/server/security/vh-inactive.jks off the machine.
3) Open that jks file with (I use Keystore Explorer 5.x) and use password (a) to open it
From here you can do what you want with the virtualhost-id-key,
use password (b) to manage the private key or change the format, or do exports.
Retrieving data ...