Synopsis
cmentpfx FileName [-ed Environment-directory ] {-sn slotID|-tl TokenLabel} |
Description
This command registers, in the certificate/private key environment, the certificates and private keys stored in the PKCS#12(PFX) data file.
Input of the UserPIN and the password that decrypts PKCS#12(PFX) data is interactive.
Options that can be specified are shown below.
Options
FileName
Specify the full path of the filename that stores PKCS#12(PFX) data.
-ed Environment-directory
Specify the full path of the operation management directory (Environment-directory). If this option is omitted, the information set in the "CMIPATH" environment variable takes effect.
-sn slotID
Specify the slot ID of the token that registers the private key.
-tl TokenLabel
Specify the TokenLabel set for the token that registers the private key.
-kl KeyLabel
Specify an ASCII character string as the label attached to the private key being registered. If omitted, the private key is registered without a label.
-nn NickName
Specify the nickname (NickName). Spaces cannot be specified at the start or end of the character string.
-entca
If a CA certificate is included in the PKCS#12(PFX) data and that certificate is not yet registered, this option registers the CA certificate.
-sncert
Do not specify this option.
-userPIN UserPIN
Specify the User-PIN used to access the token. The space character cannot be specified. Note that a prompt asking for input of the User-PIN (User-PIN) is not displayed.
This option is not displayed in "Usage" when the command is executed.
-password Password
Specify the password that decrypts the PKCS#12(PFX) data. The space character cannot be specified. Note that a prompt asking for input of the password that decrypts the PKCS#12(PFX) data is not displayed.
This option is not displayed in "Usage" when the command is executed.
Command Location
Windows | %CommonProgramFiles%\Fujitsu Shared\F3FSSMEE |
Solaris | /opt/FJSVsmee/bin |
Linux | /opt/FJSVsmee/bin |
Linux x64 | /opt/FJSVsmee64/bin |
Cautions
Files created by the following product are PKCS#12(PFX) data file targets:
Files exported from the Interstage certificate environment by the scsexppfx command
If the root CA certificate is not registered, a verification error occurs and the certificate is not registered in the PKCS#12(PFX) data.
CRLs included in the PKCS#12(PFX) data file are not handled.
Tokens under the slot information directory specified for -sd in the cmsetenv command are the search targets for the token label specified in the -tl option.
An exclusion error might occur if other applications access the token specified in the -tl option.
Certificates in the certificate path being registered are registered under the character string of the nickname specified at -nn plus a 4-digit number. The 4-digit numbers are in sequence, starting from 0001. For example, if "nickname" is specified in -nn, from the top level of the path, the certificates are registered with the nicknames nickname0001, nickname0002, etc. Before registration, the cmlistcert command must be used to check that no certificates are already registered with the nickname specified by the user and the nickname plus 00*.
If a certificate with the same nickname is already registered, or if the certificate is already registered with a different nickname, an error occurs.
