The configuration profile which configures the Institutional recovery key on the Workspace ONE UEM console requires only the certificate and not the keychain file.
- Select the FileVault Recovery Key certificate in the FileVaultMaster keychain.
- Select Export FileVault Recovery Key (....)...
- Provide the certificate name as FileVaultMaster (in keeping the name consistent with the keychain file that it was created from).
- Choose the location to save the certificate where you can access the key from your browser. (In this example, ~/Documents/)
- Select Save.
By the end of this step, you now have a certificate file which DOES NOT contain the private key.