All Products
Search

This Product

    Key Management Service:getCert

    Document Center

    Key Management Service:getCert

    Last Updated:Apr 25, 2025

    This topic explains the process of obtaining a certificate from HSM using the getCert command.

    Feature description

    The getCert command allows for the retrieval of certificates from HSM, aiding in troubleshooting certificate abnormalities or configuration faults.

    Important

    Ensure you are in server mode on the target HSM before executing this command. For more information, see server.

    User type

    The command can be executed by the following user types. Refer to the HSM user permission table for user descriptions.

    • Administrator (CO)

    • Cryptographic User (CU)

    • Audit User (AU)

    Syntax

    Enter the command as per the following syntax. For a description of the parameters, see Parameters.

    server0> getCert <file-name> <certificate-type>
    Important

    Parameters must be entered in the order specified by the syntax.

    Example

    The example below demonstrates how to obtain the HSM root certificate.

    1. Enter server mode using the server command.

      cloudmgmt>server 0
Server is in 'E2E' mode...

server0>

    2. Retrieve the HSM root certificate and save it as /tmp/PO.crt.

      server0>getCert /tmp/PO.crt 4
getCert success

    Parameters

    Parameter Name

    Description

    Required

    Valid Values

    <file name>

    Specifies the file name for saving the certificate.

    Yes

    No special requirements

    <certificate type>

    Defines the type of certificate to retrieve.

    Yes

    • 1 - Manufacturer root certificate

    • 2 - Manufacturer hardware certificate

    • 4 - HSM root certificate

    • 8 - HSM certificate (customer root certificate sign)

    • 16 - HSM certificate (manufacturer root certificate)