HSM System Certificate Parameters
The following table provides the parameters for the CreateSystemCert, ImportSystemCert, and ExportSystemCert commands.
Parameter | Description |
---|---|
autogen | Whether to use system generated information to control access to the key and keystore. Must be set to false for keys on HSMs. |
alias | The key name stored in the HSM. Alias names are valid only if they contain the characters a-z, A-Z, 0-9, or hyphen (-) and their total length is no longer than the system GUID length. |
Certtype | The certificate type to import. Four types of certificate files are supported: pkcs12, pkcs8, pem, and keystore. Sterling B2B Integrator only supports pem keys encrypted with DES or 3DES. Use keystore to list or import the keystore. |
certname | The name to assign the certificate in the Sterling B2B Integrator database. |
file | Keycert or PEM file to import. |
keyname | The name of the Sterling B2B Integrator system key to create. |
keypass | The PIN for the token protecting the SafeNet or nCipher HSM where the keystore resides. |
key passphrase | The passphrase for the private key. This value is optional on the command line. If you do not provide it, you are prompted for it. |
keysize | The length, in bits, of the RSA modulus. Valid values are 1024, 2048, 3072, or 4096. |
keystoretype | The keystore type to import. Valid value is PKCS11IMPLKS (5.2.6.2 onwards). |
keystoreprovider | The provider type. Valid values are LunaProvider and SunPKCS11-<value of name property as set in HSM configuration file> (6.2.1.0 onwards). For example, SunPKCS11-B2Bi. |
keytype | The public key algorithm. RSA is the only supported algorithm. |
ObjectID | The ID of the system certificate. |
pkcs12file | The pkcs12 file to import. |
password | Store passphrase for the keycert or PEM file. |
pkcs12storepass | The store passphrase for the PKCS12 file. |
pkcs12keypass | The key passphrase used to encrypt the private key in the PKCS12 file. |
provider | The provider of the keystore type. Valid values are LunaProvider and SunPKCS11-B2Bi (6.2.1 onwards). |
rfc1779rdnsequence | The distinguished name string field contains any of the fields identified in the Valid Values column. Only the CN field is required. Separate each field with a comma. Valid information: |
storetype | The keystore type. Valid value is PKCS11IMPLKS (5.2.6.2 onwards). |
signingbit | Sets the sign key usage bit for the self-signed certificate. Valid values are true or false. |
serial | The certificate serial number. |
system passphrase | The Sterling B2B Integrator system passphrase. This value is optional on the command line. |
store passphrase | The passphrase for accessing the keystore. This value is optional on the command line. If you do not provide it, you are prompted for it. |
systempass | The Sterling B2B Integrator system passphrase. |
storepass | The PIN for the token protecting the SafeNet or nCipher HSM where the keystore resides. |
totrusttable | Determines if the certificate is added to the trusted certificate table. Valid values are true or false. |
validityindays | Length of time in days that the certificate is valid. |