Exports a certificate from an HSM and saves it to a local file. Use this command to retrieve a specific certificate type for troubleshooting certificate issues or configuration problems.
Prerequisites
Before you begin, make sure that you have:
Started
key_mgmt_toolLogged in to HSM as a Crypto User (CU)
Syntax
getCert -f <file-name>
-s <certificate-type>Important
Enter parameters in the order shown in the syntax.
Parameters
| Parameter | Description | Required | Valid values |
|---|---|---|---|
-f | The file name to save the certificate to. | Yes | No special requirements |
-s | The certificate type. | Yes | See Certificate types |
Certificate types
| Value | Certificate type |
|---|---|
1 | Manufacturer root certificate |
2 | Manufacturer hardware certificate |
4 | Customer root certificate |
8 | HSM cluster certificate (signed by the customer root certificate) |
16 | HSM certificate (manufacturer root certificate) |
Example
The following example exports the HSM root certificate and saves it as userRoot.crt.
getCert -f userRoot.crt -s 4Expected output:
Cfm3GetCert() returned 0 :HSM Return: SUCCESS