Skip to main content
Skip table of contents

Install certificate

This article is valid from CM 8.0.

This article describes the syntax for how to install a certificate. The hwsetup command line tool, included in Nexus Certificate Manager (CM), is used.


Syntax: Install certificate

hwsetup -libname <pkcs11lib> [-slot <slot#>] [-pin <PIN>] [-nopinpad]
[-id <CKA_ID>] [-label <CKA_LABEL>] [-login user|so]
-setcert [<filename>] [-replace]

Options and arguments

For a description of the options libnameslotpinnopinpad, label and login and their arguments, see Generate DSA/EC/RSA key pair.

Options and ArgumentsDescription
setcert <filename>

Use this option to install the certificate, stored in the specified file, in the HSM. The CKA_ID and optional CKA_LABEL attributes are set for the new certificate object.

id <CKA_ID>Use this option to specify the CKA_ID attribute of the public key object that holds the same public key as in the certificate. The id is required for a DSA or EC public key and optional for an RSA public key certificate. Default: The CKA_ID of the RSA public key object with the CKA_MODULUS attribute matching the public key in the certificate.
replace Use this option if you want to remove all the previous installed certificates for the provided slot and id and replace them with the new one. Default: Not flagged


To install the certificate issued by the CA. The certificate is located in the file careply.cer:

Example: Install certificate from file careply.cer

hwsetup -libname crypto -slot 1 -pin abcd -id mykey -setcert careply.cer
JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.