ckcerttool

ckcerttool -c CARDNAME -f FILENAME -k KMDATAKEYID [-L NAME]
ckcerttool -n -f FILENAME -k KMDATAKEYNAME [-L NAME]
ckcerttool -T -c CARDNAME -f FILENAME [-L NAME]

Do not use PKCS #11 to perform any task that requires an Administrator Card. Use the equivalent nShield utilities instead.

Imports a certificate as a PKCS #11 CKO_CERTIFICATE object of type CKC_X_509, and optionally, associates it with the corresponding private key.

Option Description

Option	Description
Required
`-c, --cardset=CARDNAME`	Name of cardset or softcard to use
`-f, --certfile=FILENAME`	Name of file of certificate (pem format)
`-k, --keyident=KMDATAKEYID`	Provides the NFKM key ident of the corresponding key
`-n, --nopin`	Doesn’t call `C_Login`, the object will be a public object.
Optional
`-L, --certname=NAME`	Gives the certificate a name stored as `CKA_LABEL`. Defaults to the value on the private key or "ncipher-cert" if that is not set. If CKA_LABEL is not set on the key private key CKA_LABEL will be set to this value on the private and public key, if present.
`-T, --trusted`	Sets `CKA_TRUSTED` to `true`.
Help options
`-h`, `--help`	Displays help for `ckcerttool`.
`-u`, `--usage`	Displays a brief usage summary for `ckcerttool`.
`-V`, `--version`	Displays the version number of the Security World Software that deploys `ckcerttool`.

Required

-c, --cardset=CARDNAME

Name of cardset or softcard to use

-f, --certfile=FILENAME

Name of file of certificate (pem format)

-k, --keyident=KMDATAKEYID

Provides the NFKM key ident of the corresponding key

-n, --nopin

Doesn’t call C_Login, the object will be a public object.

Optional

-L, --certname=NAME

Gives the certificate a name stored as CKA_LABEL. Defaults to the value on the private key or "ncipher-cert" if that is not set. If CKA_LABEL is not set on the key private key CKA_LABEL will be set to this value on the private and public key, if present.

-T, --trusted

Sets CKA_TRUSTED to true.

Help options

-h, --help

Displays help for ckcerttool.

-u, --usage

Displays a brief usage summary for ckcerttool.

-V, --version

Displays the version number of the Security World Software that deploys ckcerttool.

Import a cardset- or softcard-protected certificate

ckcerttool -c CARDNAME -f FILENAME -k KMDATAKEYID [-L NAME]

Import module-only (no passphrase or cardset name)

ckcerttool -n -f FILENAME -k KMDATAKEYNAME [-L NAME]

Import a trusted public certificate with no corresponding private key

ckcerttool -T -c CARDNAME -f FILENAME [-L NAME]