The configuration profile which configures the corporate recovery key on AirWatch Console requires only the certificate and not the keychain file.

Export the certificate from within the keychain and distribute the corporate recovery key to macOS through AirWatch console by following the steps:

Export certificate

  1. Select the FileVault Recovery Key certificate in the FileVaultMaster keychain.
  2. Select Export FileVault Recovery Key (....)...
  3. Provide the certificate name as FileVaultMaster (in keeping the name consistent with the keychain file that it was created from).
  4. Choose the location to save the certificate where you can access the key from your browser. (In this example, ~/Documents/)
  5. Select Save.

By the end of this step, you now have a certificate file which DOES NOT contain the private key.