cmu export

This function exports an X.509 certificate or public key from the token or HSM to a file. The supported formats are Raw (binary) and PEM (base 64 encoding).

Syntax

cmu export { -handle=<handle#> | -label=<label> } -outputfile=<filename> [-binary] [-key] [-certdelete] [-password=<password>] [-ped=<PED_ID>] [-slot=<slot#>]

Argument(s) Description
-binary Defines the export format as raw binary instead of the default PEM (base64) encoding.
-certdelete Specifies that the certificate is to be deleted from the HSM after it is exported (equivalent to running the cmu delete command separately).
-handle=<handle#> The handle of the X.509 certificate to be exported from the HSM to a file.
-key Specifies that the object being exported is a public key.
-label=<label> The label of the object to export.
-outputfile=<filename> Defines the name of the file that receives the exported certificate.
Common
-password=<password> The password for the role accessing the current slot, with the current command. If this is not specified, it is prompted.
-ped=<PED_ID> Specifies the PED ID for the registered Remote PED that will handle authentication for the current slot, with the current command. You must specify this parameter to use Remote PED authentication.
-slot=<slot#> The slot to be acted upon, by the current command. If this is not specified, it is prompted.

Example

The following command outputs the certificate with handle 7 to file test.cer in PEM format:

cmu export -handle=7 -outputfile=test.cer