Black Box ET0010A User Manual

Working with Certificates and an HSM

EncrypTight User Guide

275

Exporting a Certificate

For other devices to authenticate the identity of an entity, they might need a copy of the entity’s
certificate. You can use the

keytool export

command to export certificates for this purpose.

To export a certificate:
1 From the command line, use the following command to export a copy of the certificate:

keytool -exportcert -alias <alias> -file <filename>

For example:

keytool -exportcert -alias ETKMS3Cert -file ETKMS3.cer

This exports a copy of the certificate with the alias “ETKMS3Cert” to a file named “ETKMS3.cer.”

Working with Certificates and an HSM

If you purchased an HSM to use with your ETKMS, requesting and installing certificates requires utilities
specific to the software that runs the HSM, as well as keytool commands. The procedures are similar to
those discussed in

“Working with Certificates for EncrypTight and the ETKMSs” on page 272

, but the

commands require specific settings.

Before proceeding, you should review the concepts discussed previously in this chapter.

This section includes the following topics:

●

“Configuring the HSM for Keytool” on page 275

●

“Importing CA Certificates into the HSM” on page 276

●

“Generating a Key Pair for use with the HSM” on page 276

●

“Generating a Certificate Signing Request for the HSM” on page 277

●

“Importing Signed Certificates into the HSM” on page 277

Configuring the HSM for Keytool

Use the following command to configure the HSM to work with the keytool utility.

To configure the HSM to work with keytool commands:
1 At the command line, type:

ctconf -fc

Table 72

Keytool Export Parameters

Parameter

Description

alias

The name of the entry for this certificate in the keystore.

filename

The name of the file that you want to export.