cmu export
This function exports an X.509 certificate or public key from the token or HSM to a file. The supported formats are Raw (binary) and PEM (base 64 encoding).
Syntax
cmu export -outputfile=<filename> [-handle=<handle#> | -ouid=<OUID#>] [-binary] [-key] [-certdelete]
Argument(s) | Description |
---|---|
-binary | Defines the export format as raw binary (DER encoding) instead of the default PEM (base64) encoding. |
-certdelete | Specifies that the certificate is to be deleted from the HSM after it is exported (equivalent to running the cmu delete command separately). |
-handle=<handle#> | The handle of the X.509 certificate to be exported from the HSM to a file. If only one certificate is present on the partition, you do not need to specify its handle. This method of selection applies to Luna HSMs only. On a Luna Cloud HSM service slot, use -ouid. |
-key | Specifies that the object being exported is a public key. |
-label=<label> | This option is deprecated and it is ignored. You must specify the -handle or -ouid of the certificate to export. |
-ouid=<OUID#> | The Object Unified Identifier (OUID) of the X.509 certificate to be exported from the HSM to a file. If only one certificate is present on the partition, you do not need to specify its OUID. This method of selection |
-outputfile=<filename> | Defines the name of the file that receives the exported certificate. |
See also Common CMU Options.
Example
The following command outputs the certificate with handle 7 to file test.cer in PEM format:
cmu export -handle=7 -outputfile=test.cer