Nexus Documentation

Space shortcuts

Page tree

Nexus information on: Azure Key Leakage - Storm-0558
Nexus awareness advisory on Microsoft’s update KB5014754

Visit Nexus to get an overview of Nexus' solutions, read customer cases, access the latest news, and more.

This article describes the syntax for how to install a certificate. The hwsetup command line tool, included in Nexus Certificate Manager (CM), is used.

Syntax

Syntax: Install certificate
hwsetup -libname <pkcs11lib> [-slot <slot#>] [-pin <PIN>] [-nopinpad]
[-id <CKA_ID>] [-label <CKA_LABEL>] [-login user|so]
-setcert [<filename>] [-replace]

Options and arguments

For a description of the options libnameslotpinnopinpad, label and login and their arguments, see Generate DSA/EC/RSA key pair.

Options and ArgumentsDescription
setcert <filename>

Use this option to install the certificate, stored in the specified file, in the HSM. The CKA_ID and optional CKA_LABEL attributes are set for the new certificate object.

id <CKA_ID>Use this option to specify the CKA_ID attribute of the public key object that holds the same public key as in the certificate. The id is required for a DSA or EC public key and optional for an RSA public key certificate. Default: The CKA_ID of the RSA public key object with the CKA_MODULUS attribute matching the public key in the certificate.
replace Use this option if you want to remove all the previous installed certificates for the provided slot and id and replace them with the new one. Default: Not flagged

Example

To install the certificate issued by the CA. The certificate is located in the file careply.cer:

Example: Install certificate from file careply.cer
hwsetup -libname crypto -slot 1 -pin abcd -id mykey -setcert careply.cer

This article is valid from CM 8.0

Related information

© 2023 Technology Nexus Secured Business Solutions AB. All rights reserved.
Contact Nexus | https://www.nexusgroup.com | Disclaimer | Terms & Conditions