mrhsm get
Retrieves the contents of the CA and client certificates, and puts them in a file.
Use the mrhsm get
command to retrieve the contents of the CA and
client certificates, and put them in a file.
You can run this command only as the superuser (root
). You can only
retrieve the CA certificate chain, and client certificates from the encrypted KMIP configuration file
mrhsm.conf
. You cannot retrieve the client private key. Keep a copy
of the client private key in a secure place. See External KMIP Keystore Overview for more information.
Syntax
# mrhsm get
[ -cacert <ca-cert> ] Path to store KMIP server CA certificate in PEM format
[ -clientcert <cert> ] Path to store client certificate in PEM format
-sopin <so-pin> PIN for SO (Security Officer)
Parameters
- cacert
-
The full or relative path name of the file used to store the CA certificate chain retrieved from the storage pool in PEM format.
- clientcert
-
The full or relative path name of the file used to store the client certificate in PEM format.
- sopin
- The PIN for the Security Officer. If not specified in the command line, a prompt will be displayed to enter the SO PIN.