cmu export

This function exports an X.509 certificate or public key from the token or HSM to a file. The supported formats are Raw (binary) and PEM (base 64 encoding).

Syntax

cmu export -outputfile=<filename> [-handle=<handle#> | -ouid=<OUID#>] [-binary] [-key] [-certdelete]

Argument(s) Description
-binary Defines the export format as raw binary (DER encoding) instead of the default PEM (base64) encoding.
-certdelete Specifies that the certificate is to be deleted from the HSM after it is exported (equivalent to running the cmu delete command separately).
-handle=<handle#> The handle of the X.509 certificate to be exported from the HSM to a file. If only one certificate is present on the partition, you do not need to specify its handle. This method of selection applies to Luna HSMs only. On a Luna Cloud HSM service slot, use -ouid.
-key Specifies that the object being exported is a public key.
-label=<label> This option is deprecated and it is ignored. You must specify the -handle or -ouid of the certificate to export.
-ouid=<OUID#> The Object Unified Identifier (OUID) of the X.509 certificate to be exported from the HSM to a file. If only one certificate is present on the partition, you do not need to specify its OUID. This method of selection requires Luna HSM Client 10.2.0 or newer, and applies to Luna Cloud HSM services only. On a Luna HSM slot, use -handle.
-outputfile=<filename> Defines the name of the file that receives the exported certificate.

See also Common CMU Options.

Example

The following command outputs the certificate with handle 7 to file test.cer in PEM format:

cmu export -handle=7 -outputfile=test.cer