cmu export
This function exports an X.509 certificate or public key from the token or HSM to a file. The supported formats are Raw (binary) and PEM (base 64 encoding).
Syntax
cmu export { -handle=<handle#> | -ouid=<OUID#> | -label=<label> } -outputfile=<filename> [-binary] [-key] [-certdelete] [-password=<password>] [-ped=<PED_ID>] [-slot=<slot#>]
Argument(s) | Description |
---|---|
-binary | Defines the export format as raw binary (DER encoding) instead of the default PEM (base64) encoding. |
-certdelete | Specifies that the certificate is to be deleted from the HSM after it is exported (equivalent to running the cmu delete command separately). |
-handle=<handle#> | The handle of the X.509 certificate to be exported from the HSM to a file. This method of selection applies to Luna HSMs only. On a Luna Cloud HSM service slot, use -ouid. |
-key | Specifies that the object being exported is a public key. |
-label=<label> | The label of the object to export. |
-ouid=<OUID#> | The Object Unified Identifier (OUID) of the X.509 certificate to be exported from the HSM to a file. This method of selection requires Luna HSM Client 10.2.0 or newer, and applies to Luna Cloud HSM services only. On a Luna HSM slot, use -handle. |
-outputfile=<filename> | Defines the name of the file that receives the exported certificate. |
Common | |
-password=<password> | The password for the role accessing the current slot, with the current command. If this is not specified, it is prompted. |
-ped=<PED_ID> | Specifies the PED ID for the registered Remote PED that will handle authentication for the current slot, with the current command. You must specify this parameter to use Remote PED authentication. |
-slot=<slot#> | The slot to be acted upon, by the current command. If this is not specified, it is prompted. |
Example
The following command outputs the certificate with handle 7 to file test.cer in PEM format:
cmu export -handle=7 -outputfile=test.cer