mrhsm get

Retrieves the contents of the CA and client certificates, and puts them in a file.

Use the mrhsm get command to retrieve the contents of the CA and client certificates, and put them in a file.

You can run this command only as the superuser (root). You can only retrieve the CA certificate chain, and client certificates from the encrypted KMIP configuration file mrhsm.conf. You cannot retrieve the client private key. Keep a copy of the client private key in a secure place. See External KMIP Keystore Overview for more information.

Syntax

# mrhsm get
   [ -cacert <ca-cert> ]  Path to store KMIP server CA certificate in PEM format
   [ -clientcert <cert> ] Path to store client certificate in PEM format
   -sopin <so-pin>        PIN for SO (Security Officer)  

Parameters

cacert

The full or relative path name of the file used to store the CA certificate chain retrieved from the storage pool in PEM format.

clientcert

The full or relative path name of the file used to store the client certificate in PEM format.

sopin
The PIN for the Security Officer. If not specified in the command line, a prompt will be displayed to enter the SO PIN.