exportcert command

Use the exportcert command to export a certificates from an IBM® Flex System Manager keystore or truststore to a pem file.

Synopsis

smcli [-c] [-prompt] [-user user_name] [-pw password] exportcert options

smcli exportcert [-h | -? | --help]

smcli exportcert [-v] -F file_path -t target_store -f certid _filepath | -a alias_name

Description

The exportcert command exports the certificate with the specified alias name (or issuer name and serial number) and file path from an IBM Flex System Manager keystore or truststore into a pem file. Revoked certificates only apply to Integrated Management Module (IMMv2) events and Chassis Management Module managed systems.

Options

-a | --alias alias_name
Specifies the name of the certificate alias on which to take the action of the command.
-F | --Filepath file_path
Specifies the qualified path and file name of a certificate to import or a certificate name to which to export. When importing, the certificate must be of one of the following two types:
  • Base64-encoded DER certificates, which are enclosed between "-----BEGIN CERTIFICATE-----" and "-----END CERTIFICATE-----" in Privacy Enhanced Mail files
  • DER-encoded certificates
-f | --filepath [certid_filepath]
Specifies the qualified path and file name which contains certificate serial numbers and issuer names separated by line breaks.
File should contain certificate serial numbers and issuer names in the following format:
<Serial Number1> <Issuer Name1>
<Serial Number2> <Issuer Name12>
Example:  43214321535321532  CA1
-h | -?
Displays the syntax and a brief description of the command.
Tip: If you specify additional options other than -h | -? | --help, the options are ignored.
--help
Displays detailed information about the command, including the syntax, a description of the command, a description of the options and operands, error codes, and examples.
Tips:
  • If you specify additional options other than -h | -? | --help, the options are ignored.
  • You can also display detailed help in the form of man pages using the man command_name command.
-t | --targetstore {key | trust}

Specifies the target store type on which to take action. The available store type values are "key" and "trust".

-v | --verbose
Writes verbose messages to standard output.

If this option is not specified, this command suppresses noncritical messages.

Exit status

The following codes are returned by this command.
  • 0: The operation completed.
  • 1: A usage error occurred.
  • 2: The command or bundle was not found.
  • 3: The command was not performed because either authentication failed or you are not authorized to perform the action.
  • 10: The file was not found.
  • 51: The certificate with given alias name does not exist.
  • 54: The certificate export task failed.
  • 59: The keystore or truststore will not export the revoked certificate.
  • 65: A certificate with the specified serial number and issuer name does not exist in the specified keystore or truststore.

Examples

  1. Export a certificate from a keystore to a pem file

    This example illustrates how to export the certificate with alias name "cert1" into a keystore and put it at file path "c:\cert1.pem".

    smcli exportcert -a cert1 -F c:\cert1.cer -t key
  2. Export a certificate from a truststore to a pem file

    This example illustrates how to export the certificate with alias name "cert1" into a truststore and put it at file path "c:\cert1.pem".

    smcli exportcert -a cert1 -F c:\cert1.pem -t trust
  3. Export a certificate from a truststore to a pem file based on serial number and issuer name.

    This example illustrates how to export the certificate based on serial number issuer name passed in a file into a truststore and put it at file path "c:\cert1.pem". Output file created will be in the format of fileName_SerialNumber_IssuerName.pem

    smcli exportcert -F c:\cert1.pem -t trust -f