Visit Nexus to get an overview of Nexus' solutions, read customer cases, access the latest news, and more.

This article describes the syntax for how to install a certificate. The hwsetup command line tool, included in Nexus Certificate Manager (CM), is used.


Syntax: Install certificate
hwsetup -libname <pkcs11lib> [-slot <slot#>] [-pin <PIN>] [-nopinpad]
[-id <CKA_ID>] [-label <CKA_LABEL>] [-login user|so]
-setcert [<filename>] [-replace]

Options and arguments

For a description of the options libnameslotpinnopinpad, label and login and their arguments, see Generate DSA/EC/RSA key pair.

Options and ArgumentsDescription
setcert <filename>

Use this option to install the certificate, stored in the specified file, in the HSM. The CKA_ID and optional CKA_LABEL attributes are set for the new certificate object.

id <CKA_ID>Use this option to specify the CKA_ID attribute of the public key object that holds the same public key as in the certificate. The id is required for a DSA or EC public key and optional for an RSA public key certificate. Default: The CKA_ID of the RSA public key object with the CKA_MODULUS attribute matching the public key in the certificate.
replace Use this option if you want to remove all the previous installed certificates for the provided slot and id and replace them with the new one. Default: Not flagged


To install the certificate issued by the CA. The certificate is located in the file careply.cer:

Example: Install certificate from file careply.cer
hwsetup -libname crypto -slot 1 -pin abcd -id mykey -setcert careply.cer