Commands for cryptographic device operations

-keydb -changepw
Change the password for a cryptographic device:
-keydb -changepw -crypto module_name -tokenlabel token_label
    -pw password -new_pw new_password 
-keydb -list
List currently-supported types of key database:
-keydb -list 
-cert -add
Add a certificate from a file to a cryptographic device:
-cert -add -crypto module_name -tokenlabel token_label
    -pw password -label label -file filename -format ascii | binary
-cert -create
Create a self-signed certificate on a cryptographic device:
-cert -create -crypto module_name -tokenlabel token_label 
    -pw password -label label -dn distinguished_name -size 1024 | 512
    -x509version 3 | 1 | 2 -default_cert no | yes -expire days
-cert -delete
Delete a certificate on a cryptographic device:
-cert -delete -crypto module_name -tokenlabel token_label
    -pw password -label label
-cert -details
List the detailed information for a specific certificate on a cryptographic device:
-cert -details -crypto module_name -tokenlabel token_label 
    -pw password -label label

List the detailed information and show the full certificate for a specific certificate on a cryptographic device:

-cert -details -showOID -crypto module_name -tokenlabel token_label 
    -pw password -label label
-cert -extract
Extract a certificate from a key database:
-cert -extract -crypto module_name -tokenlabel token_label
    -pw password -label label -target filename -format ascii | binary
-cert -import
Import a certificate to a cryptographic device with secondary key database support:
-cert -import -db filename -pw password -label label -type cms
    -crypto module_name -tokenlabel token_label -pw password
    -secondaryDB filename -secondaryDBpw password

Import a PKCS #12 certificate to a cryptographic device with secondary key database support:

-cert -import -file filename -pw password -type pkcs12
    -crypto module_name -tokenlabel token_label -pw password
    -secondaryDB filename -secondaryDBpw password
Note:
You cannot import a certificate containing multiple OU (organizational unit) attributes in the distinguished name.
-cert -list
List all certificates on a cryptographic device:
-cert -list all | personal | CA 
    -crypto module_name -tokenlabel token_label -pw password
-cert -receive
Receive a certificate from a file to a cryptographic device with secondary key database support:
-cert -receive -file filename -crypto module_name -tokenlabel token_label 
    -pw password  -default_cert yes | no
    -secondaryDB filename -secondaryDBpw password -format ascii | binary
-certreq -create
Create a certificate request on a cryptographic device:
-certreq -create -crypto module_name -tokenlabel token_label 
    -pw password -label label -dn distinguished_name
    -size 1024 | 512 -file filename
-certreq -delete
Delete a certificate request from a cryptographic device:
-certreq -delete -crypto module_name -tokenlabel token_label 
    -pw password -label label
-certreq -details
List the detailed information of a specific certificate request on a cryptographic device:
-certreq -details -crypto module_name -tokenlabel token_label 
    -pw password -label label

List the detailed information about a certificate request and show the full certificate request on a cryptographic device:

-certreq -details -showOID -crypto module_name -tokenlabel token_label 
    -pw password -label label
-certreq -extract
Extract a certificate request from a certificate request database on a cryptographic device into a file:
-certreq -extract -crypto module_name -tokenlabel token_label 
    -pw password -label label -target filename
-certreq -list
List all certificate requests in the certificate request database on a cryptographic device:
-certreq -list -crypto module_name -tokenlabel token_label 
    -pw password