hsm generatedak [command removed HSM version 7.7.0 and later]

Generate a new DAK pair. These can be used to create a new MAC (Manufacturer's Authentication Certificate) & DAC (Device Authentication Certificate). Use this command if you wish to replace the default objects that were shipped from the factory. If you are not using MAC and DAC in your operation, then this command and the related commands for the certificates are not of use to you, and running them will not harm anything. If your operation does use DAK and the derived certificates, use this command only in compliance with your operational procedures. [Command is deprecated before release 7.7.0]

User Privileges

Users with the following privileges can perform this command:

>Admin

>Operator

Synopsis

hsm generatedak [-force]

Example

lunash:>hsm generatedak

CAUTION:  Are you sure you wish to re-generate the DAK?
          All existing DACs on the HSM will be erased.

          Type 'proceed' to generate the DAK, or 'quit'
          to quit now.
          > proceed
'hsm generateDAK' successfully completed.

Use 'scp' from a client machine to get file named:
DAKCertRequest.bin


Command Result : 0 (Success)