ckcerttool

ckcerttool -c CARDNAME -f FILENAME -k KMDATAKEYID [-L NAME]
ckcerttool -n -f FILENAME -k KMDATAKEYNAME [-L NAME]
ckcerttool -T -c CARDNAME -f FILENAME [-L NAME]
Do not use PKCS #11 to perform any task that requires an Administrator Card. Use the equivalent nShield utilities instead.

Imports a certificate as a PKCS #11 CKO_CERTIFICATE object of type CKC_X_509, and optionally, associates it with the corresponding private key.

Option Description

Required

-c, --cardset=CARDNAME

Name of cardset or softcard to use

-f, --certfile=FILENAME

Name of file of certificate (pem format)

-k, --keyident=KMDATAKEYID

Provides the NFKM key ident of the corresponding key

-n, --nopin

Doesn’t call C_Login, the object will be a public object.

Optional

-L, --certname=NAME

Gives the certificate a name stored as CKA_LABEL. Defaults to the value on the private key or "ncipher-cert" if that is not set. If CKA_LABEL is not set on the key private key CKA_LABEL will be set to this value on the private and public key, if present.

-T, --trusted

Sets CKA_TRUSTED to true.

Help options

-h, --help

Displays help for ckcerttool.

-u, --usage

Displays a brief usage summary for ckcerttool.

-V, --version

Displays the version number of the Security World Software that deploys ckcerttool.

Import a cardset- or softcard-protected certificate

ckcerttool -c CARDNAME -f FILENAME -k KMDATAKEYID [-L NAME]

Import module-only (no passphrase or cardset name)

ckcerttool -n -f FILENAME -k KMDATAKEYNAME [-L NAME]

Import a trusted public certificate with no corresponding private key

ckcerttool -T -c CARDNAME -f FILENAME [-L NAME]