How to export SSL certificates from a LoadMaster Certificate Backup

To back up certificates and keys, follow the steps below in the LoadMaster Web User Interface (WUI):

  1. Go to Certificates > Backup/Restore Certs.
  2. In the Certificate Backup section, enter the desired Passphrase twice. This passphrase will be needed when restoring the backup.
  3. After the file is downloaded, rename it to certbackup.gz.
  4. Once you have the .gz file, you can either unzip it from the command line using gzip -d or using a tool such as 7zip.
  5. Rename the resulting file certbackup.aes.
  6. Download and install OpenSSL from the web.
  7. In OpenSSL, enter:
    openssl enc -in certbackup.aes -out certbackup.tar -d -aes256 -md md5 -k passphrase
    Where passphrase is the passphrase you entered when exporting the backup from the LoadMaster.
  8. Untar the resulting file (certbackup.tar).
    The resulting folder will contain your certificates.


Note: These files are in standard x.509 certificate format. You can use this certificate and key to import into IIS or any other web server which accepts standard x.509 certificates.

Was this article helpful?

2 out of 3 found this helpful




Openssl has changed the default message digest from MD5 (openssl-1.0) to SHA256 (openssl-1.1). As with KEMP 7.2.42 the digest is not yet adapted and you have to use following command in order to be able to decrypt the file:
openssl enc -in certbackup.aes -out certbackup.tar -d -aes256 -md md5 -k passphrase

Cloud Engineering

thank you @emak! Kemp needs to update this kb!