All Products
Search

This Product

    Key Management Service:getCert

    Document Center

    Key Management Service:getCert

    Last Updated:Nov 24, 2025

    This topic explains the process of using the getCert command to retrieve a certificate from HSM.

    Feature description

    The getCert command lets you export a certificate from HSM and save it as a file. It is particularly useful for troubleshooting when a certificate is not functioning properly or when there is a configuration issue.

    Important

    Ensure you have initiated the key_mgmt_tool and logged on to HSM as a CU before executing this command.

    Syntax

    Enter the parameters as per the syntax provided below. For descriptions of each parameter, refer to Parameters.

    getCert -f <file-name> 
        -t <certificate-type>
    Important

    It is crucial to input the parameters in the sequence outlined by the syntax.

    Example

    The following example demonstrates how to export the HSM root certificate.

    Command:   getCert -f userRoot.crt -s 4

       	Cfm3GetCert() returned 0 :HSM Return: SUCCESS

    Parameters

    Parameter Name

    Description

    Required

    Valid Values

    -f

    Designates the file name for saving the certificate.

    Yes

    No Special Requirements

    -s

    Indicates the certificate type.

    Yes

    • 1: Manufacturer root certificate

    • 2: Manufacturer hardware certificate

    • 4: Customer root certificate

    • 8: HSM cluster certificate (signed by the customer root certificate)

    • 16: HSM certificate (manufacturer root certificate)