Synopsis
cmmkpfx FileName [-ed Environment-directory] {-sn slotID|-tl TokenLabel}
Description
The cmmkpfx command fetches the EE certificates (including certificates in the path) and private keys corresponding to the specified nickname from the certificate management environment and the key management environment, and outputs a PKCS#12(PFX) data file.
Note that the UserPIN and the password that encrypts the PKCS#12(PFX) data are input interactively.
Options that can be specified are shown below.
Options
FileName
Specify the full path of the file (FileName) in which the PKCS#12(PFX) data is stored.
-ed Environment-directory
Specify the full path of the operation management directory (Environment-directory).
-sn SlotID
Specify the slot ID (SlotID) of the token that contains the certificates and keys.
-tl TokenLabel
Specify the TokenLabel set for the token that contains the certificates and keys.
An error occurs if more than one token has the same label.
-nn NickName
Specify the nickname (NickName).
-eeonly
Specify this option to create PKCS#12(PFX) data that does not include certificates in the path. (Only the certificate specified by the nickname and the corresponding private key are obtained.)
If the PKCS#12(PFX) data created with this option specified is registered in a different environment, a different procedure must be used to register certificates in the path (root CA certificates, etc.).
-userPIN UserPIN
Specify the User-PIN used to access the token.
-password Password
Specify the password that encrypts the PKCS#12(PFX) data.
Spaces cannot be specified.
Command Location
Platform | Directory |
---|---|
Windows | %CommonProgramFiles%\Fujitsu Shared\F3FSSMEE |
Solaris | /opt/FJSVsmee/bin |
Linux | /opt/FJSVsmee/bin |
Linux x64 | /opt/FJSVsmee64/bin |
Cautions
Use from 6 to 128 characters from the character sets below to specify the password.
Category | Characters |
---|---|
Alphabetic | A to Z |
Numeric | 0 to 9 |
Symbols | !"#%&'()*+,-./:;<=>?[\]^_{|}~ |
Space | ' ' |
Manage passwords in a way that prevents leaks and theft.
Also, do not use character strings that consist of easily guessed names or words, or in which every character is the same. Character strings that mix alphanumerics and symbols and are as long as possible are recommended.
Certificates and private keys are not deleted from the certificate/key management environment when they are obtained.
The -userPIN and -password options must be specified together. A parameter error occurs if only one of them is specified.
If the -userPIN and -password options are specified, the prompt asking for input of the UserPIN and password that encrypts the PKCS#12(PFX) data is not displayed.
Tokens under the slot information directory specified for -sd in the cmsetenv command are the search targets for the token label specified in the -tl option.
An exclusion error might occur if other applications access the token specified in the -tl option.
The certificates that are obtained are the certificates corresponding to the specified nickname and the certificates in the certificate path required to verify that certificate.
The command ends with an error if the private key corresponding to the certificate with the specified nickname does not exist.
The command ends with an error if there are multiple certificates with the specified nickname. Use the cmlistcert command to check the certificates and, if you want to obtain the certificate, use the cmchgnickname command to change its nickname so that it is unique.
If the certificate does not exist in the token specified by the -sn or -tl option, the certificates in the certificate management environment are searched.
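The following pre-flight check is an added example, not part of the product or of this reference page. It encodes the constraints from the Options and Cautions sections before a cmmkpfx call is scripted. The function names, the option order after the token selector, the mandatory nickname and the sample values are assumptions, and the character set is taken literally from the table above.

```python
import os
import string

# Character set copied from the Cautions table on this page, exactly as printed.
ALLOWED = set(string.ascii_uppercase + string.digits
              + "!\"#%&'()*+,-./:;<=>?[\\]^_{|}~" + " ")


def check_password(password, via_option):
    """Return the list of rule violations (an empty list means acceptable)."""
    problems = []
    if not 6 <= len(password) <= 128:
        problems.append("length must be from 6 to 128 characters")
    if set(password) - ALLOWED:
        problems.append("contains characters outside the documented set")
    if password and len(set(password)) == 1:
        problems.append("all characters are the same")
    # The table permits a space, but the -password option does not accept one.
    if via_option and " " in password:
        problems.append("spaces cannot be passed with -password")
    return problems


def build_cmmkpfx_args(filename, nickname, env_dir=None, slot_id=None,
                       token_label=None, ee_only=False, user_pin=None, password=None):
    """Check the documented constraints and return the argument list."""
    for path in filter(None, (filename, env_dir)):
        if not os.path.isabs(path):
            raise ValueError("FileName and Environment-directory must be full paths")
    if (slot_id is None) == (token_label is None):
        raise ValueError("specify exactly one of -sn and -tl")
    if (user_pin is None) != (password is None):
        raise ValueError("-userPIN and -password must be given together")
    argv = ["cmmkpfx", filename]
    if env_dir is not None:
        argv += ["-ed", env_dir]
    argv += ["-sn", str(slot_id)] if slot_id is not None else ["-tl", token_label]
    argv += ["-nn", nickname]  # assumed order; the synopsis on this page is cut short
    if ee_only:
        argv.append("-eeonly")
    if password is not None:
        problems = check_password(password, via_option=True)
        if problems:
            raise ValueError("; ".join(problems))
        # Secrets given as arguments can appear in process listings and shell
        # history; omit both options to be prompted interactively instead.
        argv += ["-userPIN", user_pin, "-password", password]
    return argv
```

When both secrets are omitted, the returned list leaves cmmkpfx to prompt for the UserPIN and password, and check_password(..., via_option=False) can still be used to vet a candidate password beforehand.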