Install certificate
This article describes the syntax for how to install a certificate. The hwsetup command line tool, included in Nexus Certificate Manager (CM), is used.
Syntax
Syntax: Install certificate
hwsetup -libname <pkcs11lib> [-slot <slot#>] [-pin <PIN>] [-nopinpad]
[-id <CKA_ID>] [-label <CKA_LABEL>] [-login user|so]
-setcert [<filename>] [-replace]
Options and arguments
For a description of the options libname
, slot
, pin
, nopinpad
, label
and login
and their arguments, see Generate DSA/EC/RSA key pair.
Options and Arguments | Description |
---|---|
setcert <filename> | Use this option to install the certificate, stored in the specified file, in the HSM. The |
id <CKA_ID> | Use this option to specify the CKA_ID attribute of the public key object that holds the same public key as in the certificate. The id is required for a DSA or EC public key and optional for an RSA public key certificate. Default: The CKA_ID of the RSA public key object with the CKA_MODULUS attribute matching the public key in the certificate. |
replace | Use this option if you want to remove all the previous installed certificates for the provided slot and id and replace them with the new one. Default: Not flagged |
Example
To install the certificate issued by the CA. The certificate is located in the file careply.cer:
Example: Install certificate from file careply.cer
hwsetup -libname crypto -slot 1 -pin abcd -id mykey -setcert careply.cer