B.9. gateway key import

Imports an SGD Gateway key and SGD Gateway certificate into the SGD Gateway keystore.

Syntax

gateway key import --keyfile key-file 
                 [ --keyalg RSA|DSA ]
                 { --certfile cert-file |
                   --certfile cert-file.. [ --cacertfile ca-cert-file ] }
                 [ --alwaysoverwrite ]

Description

Imports a private key, and the corresponding public key certificate, into the SGD Gateway keystore, at /opt/SUNWsgdg/proxy/etc/keystore.

If the keystore already has an SGD Gateway key entry, it is overwritten. By default, a confirmation prompt is shown.

To access the SGD Gateway keystore, this command uses the password in /opt/SUNWsgdg/etc/password. If this file is not present, the command prompts for a password.

The following table shows the available options for this command.

Option              Description

--keyfile           File containing the private key. The key must be in PEM format.

--keyalg            Encoding algorithm used by the private key. Options are RSA and DSA. By default, RSA is selected.

--certfile          SSL certificate file.

--cacertfile        CA or root certificate file.

--alwaysoverwrite   Do not prompt before overwriting an entry in the keystore.

To import a certificate chain, use the --cacertfile option to specify an Intermediate CA certificate. All certificates in the chain must be in PEM format.

If a certificate chain uses multiple CA certificates, combine all the CA certificates in the chain into a single file. The CA certificate used to sign the server certificate must appear first, for example:

-----BEGIN CERTIFICATE-----
...Intermediate CA's certificate...
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
...CA root certificate...
-----END CERTIFICATE-----

Examples

The following example imports an RSA-encoded private key gateway1.key, and the corresponding public key certificate gateway1.pem, into the SGD Gateway keystore.

# /opt/SUNWsgdg/bin/gateway key import \
--keyfile gateway1.key \
--certfile gateway1.pem

The following example imports a private key and a certificate chain into the SGD Gateway keystore. The Intermediate CA certificate is gateway1-ca.pem.

# /opt/SUNWsgdg/bin/gateway key import \
--keyfile gateway1.key \
--certfile gateway1.pem \
--cacertfile gateway1-ca.pem
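
The following pre-import check is an added example, not part of the SGD tooling or the original page. It uses the openssl CLI to confirm that the private key matches the certificate and that the CA file is ordered as described above. The function names are hypothetical, and walking the whole chain (not only the first CA certificate) is an assumption based on the order shown in the sample CA file.

```shell
#!/bin/sh
# Pre-import checks for `gateway key import` (added example; needs the openssl CLI).

# True if the private key and the certificate hold the same public key.
key_matches_cert() {    # key_matches_cert KEYFILE CERTFILE
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# True if the CA file starts with the issuer of CERTFILE and every later
# certificate is the issuer of the one before it. Compares name hashes only;
# it does not verify signatures.
chain_order_ok() {      # chain_order_ok CERTFILE CACERTFILE
    tmp=$(mktemp -d) || return 1
    # Split the CA file into 1.pem, 2.pem, ... in file order.
    awk -v d="$tmp" '/-----BEGIN CERTIFICATE-----/ { n++ }
                     n { print > (d "/" n ".pem") }' "$2" 2>/dev/null
    want=$(openssl x509 -in "$1" -noout -issuer_hash 2>/dev/null) || want=
    i=1
    rc=0
    [ -n "$want" ] && [ -f "$tmp/1.pem" ] || rc=1
    while [ "$rc" -eq 0 ] && [ -f "$tmp/$i.pem" ]; do
        have=$(openssl x509 -in "$tmp/$i.pem" -noout -subject_hash 2>/dev/null) || have=
        if [ -n "$have" ] && [ "$have" = "$want" ]; then
            want=$(openssl x509 -in "$tmp/$i.pem" -noout -issuer_hash)
            i=$((i + 1))
        else
            rc=1
        fi
    done
    rm -rf "$tmp"
    return "$rc"
}

# Usage: sh precheck.sh gateway1.key gateway1.pem gateway1-ca.pem
if [ "$#" -eq 3 ]; then
    key_matches_cert "$1" "$2" || { echo "key does not match certificate" >&2; exit 1; }
    chain_order_ok "$2" "$3" || { echo "CA file is missing or out of order" >&2; exit 1; }
    echo "key, certificate and CA file are consistent"
fi
```

The key check assumes an unencrypted PEM private key; openssl prompts for a passphrase otherwise.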