B.21. gateway sslkey import

Imports an SSL key and certificate into the client keystore.

Syntax

gateway sslkey import --keyfile key-file 
                    [ --keyalg RSA|DSA ]
                    { --certfile cert-file |
                      --certfile cert-file.. [ --cacertfile ca-cert-file ] }
                    [ --alwaysoverwrite ]

Description

Imports an SSL private key, and the corresponding SSL certificate, into the client keystore, at /opt/SUNWsgdg/proxy/etc/keystore.client. By default, this keystore contains a single self-signed certificate.

If the client keystore already has an entry, this command overwrites it. By default, a confirmation prompt is shown before overwriting the keystore entry.

To access the client keystore, this command uses the password in /opt/SUNWsgdg/etc/password. If this file is not present, the command prompts for a password.

The following table shows the available options for this command.

Option               Description
--keyfile            File containing the SSL private key. The key must be in Privacy Enhanced Mail (PEM) format.
--keyalg             Encoding algorithm used by the private key. Options are RSA and Digital Signature Algorithm (DSA). By default, RSA is selected.
--certfile           SSL certificate file.
--cacertfile         CA certificate or root certificate file.
--alwaysoverwrite    Do not prompt before overwriting the entry in the client keystore.

To import a certificate chain, use the --cacertfile option to specify the Intermediate CA certificate. All certificates in the chain must be in PEM format.

If a certificate chain uses multiple CA certificates, combine all the CA certificates in the chain into a single file. The CA certificate used to sign the server certificate must appear first, for example:

-----BEGIN CERTIFICATE-----
...Intermediate CA's certificate...
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
...CA root certificate...
-----END CERTIFICATE-----
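
The ordering rule above can be checked before running the import. The following script is an added example, not part of the Gateway software or its documentation: it reads the server certificate and the combined CA file and reports any CA certificate that is out of order. The function names are hypothetical, issuer and subject names are compared byte for byte, and signatures are not verified.

```python
import base64, re, sys

PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)

def pem_certs(text):
    """Return the DER bytes of each PEM certificate block, in file order."""
    return [base64.b64decode("".join(m.split())) for m in PEM_RE.findall(text)]

def read_tlv(buf, pos):
    """Read one DER element at pos; return (tag, value_start, value_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long-form length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, pos, pos + length

def issuer_subject(der):
    """Return the raw DER issuer and subject Names of an X.509 certificate."""
    _, pos, _ = read_tlv(der, 0)            # Certificate SEQUENCE
    _, pos, _ = read_tlv(der, pos)          # TBSCertificate SEQUENCE
    fields = []                             # serial, sigalg, issuer, validity, subject
    while len(fields) < 5:
        tag, _, end = read_tlv(der, pos)
        if tag != 0xA0:                     # skip the optional [0] version
            fields.append(der[pos:end])
        pos = end
    return fields[2], fields[4]

def check_chain(cert_pem, ca_pem):
    """Return ordering problems for a --certfile / --cacertfile pair ([] = OK)."""
    try:
        leaf, cas = pem_certs(cert_pem), pem_certs(ca_pem)
        if not leaf or not cas:
            return ["no PEM certificate block found in one of the files"]
        problems, expected = [], issuer_subject(leaf[0])[0]
        for i, der in enumerate(cas, 1):
            issuer, subject = issuer_subject(der)
            # Assumption: byte-for-byte Name comparison, simpler than RFC 5280 matching.
            if subject != expected:
                problems.append("CA certificate %d did not issue the one before it" % i)
            expected = issuer
        return problems
    except (ValueError, IndexError):        # bad base64 or truncated DER
        return ["a certificate block is not valid PEM-encoded DER"]

if __name__ == "__main__" and len(sys.argv) == 3:
    with open(sys.argv[1]) as c, open(sys.argv[2]) as ca:
        sys.exit("\n".join(check_chain(c.read(), ca.read())) or None)
```

Run it with the --certfile file as the first argument and the --cacertfile file as the second. It exits with status 0 when the signing CA appears first and each later certificate issued the one before it, and prints the problems otherwise.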

Examples

The following example imports an RSA-encoded SSL private key gateway1-ssl.key, and the corresponding SSL certificate gateway1-ssl.pem, into the client keystore.

# /opt/SUNWsgdg/bin/gateway sslkey import \
--keyfile gateway1-ssl.key \
--certfile gateway1-ssl.pem

The following example imports an RSA-encoded SSL private key and an SSL certificate chain into the client keystore. The Intermediate CA certificate is gateway1-ca.pem.

# /opt/SUNWsgdg/bin/gateway sslkey import \
--keyfile gateway1-ssl.key \
--certfile gateway1-ssl.pem \
--cacertfile gateway1-ca.pem