/Export Switch
The /Export switch of the Enhanced Storage Certificate Management tool exports a specified certificate from the authentication silo certificate (ASC) store in an IEEE 1667-compliant USB storage device to a file. This switch also supports the export of a certificate signing request (CSR) to a file.
Note In this topic, the specified IEEE 1667-compliant USB storage device is referred to as the target device.
EhStorCertMgrCmd
/Export
-Volume:
VolumeName -Path:PathToFile [-Certificate -Index:IndexValue [-NoType]] [-Request]
Subparameters
-Volume:
The volume name of the target device. For more information about the format of this parameter, see Overview of the Enhanced Storage Certificate Management Tool.
Note To produce a list of the volume names of the IEEE 1667-compliant USB storage devices that are currently connected to a computer, type EhStorCertMgrCmd /List at the command prompt and then press Enter.
-Path
The full path and name of the file that will contain the exported certificate or CSR.
-Certificate:
This switch specifies that the export of a certificate is requested. The following switches are used with this type of request:
-Index
The index within the ASC store where the certificate will be exported from the target device. This switch is required.
-NoType
If this parameter is specified, the tool does not append the certificate type to the file name that was specified by using the -Path parameter.
This switch is optional and must only be used with the -Certificate parameter.
-Request
This switch specifies that the export of a CSR is requested. The CSR is typically sent to a certificate authority (CA) to create an ASC host (ASCh) certificate for the target device.
Comments
If you request the export of a certificate from the device's ASC store, you must specify an index. If the specified index does not contain a certificate, the tool reports an error.
If the -Certificate parameter is specified, the tool will automatically append a string that represents the certificate type to the file name that is specified through the -Path parameter. The following table defines the strings for the various certificate types:
Certificate type string | Description | Index |
---|---|---|
"ASCm" |
The authentication silo certificate (ASC) manufacturer. |
0 |
"ASCh" |
The ASC host certificate that is used to authenticate the certificate authentication silo to the host. |
Any index greater than 1. |
"HCh" |
The host certificate that is used to authenticate the host to the certificate authentication silo. |
Any index greater than 1. |
"PCp" |
The provisioning certificate that is used in administrative command sequences to provision and administer the certificate authentication silos. |
1 |
"SCh" |
The signer certificate that is used to define a certificate that is trusted by the host. This trusted certificate is a chain of the ASCh certificate and zero or more SCh certificates. |
Any index greater than 1. |
"Invalid" |
An unknown certificate type was located at the specified index. |
Not applicable |
For example, the following command, which exports the PCp certificate from the target device, produces a file that is named c:\MyCertificates\myCertPCp.cer:
EhStorCertMgrCmd /export -Certificate -Volume:"\\?\usbstor#ieee1667control&ven_&prod_&rev_#123456789&0&control#{4f40006f-b933-4550-b532-2b58cee614d3}" -Index:1 -Path:c:\MyCertificates\myCert.cer
If you specify the -NoType parameter with the -Certificate parameter, the tool does not append a string for the certificate type to the file name that is specified through the -Path parameter.
Example
The following example shows how to export the certificate at index 1 from the ASC store in the target device:
EhStorCertMgrCmd /export -Certificate -Volume:"\\?\usbstor#ieee1667control&ven_&prod_&rev_#123456789&0&control#{4f40006f-b933-4550-b532-2b58cee614d3}" -Index:1 -Path:c:\MyCertificates\myCert.cer
Feedback
https://aka.ms/ContentUserFeedback.
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see:Submit and view feedback for