B.21. gateway sslkey import

Imports an SSL key and certificate into the client keystore.


gateway sslkey import --keyfile key-file 
                    [ --keyalg RSA|DSA ]
                    { --certfile cert-file |
                      --certfile cert-file.. [ --cacertfile ca-cert-file ] }
                    [ --alwaysoverwrite ]


Imports an SSL private key, and the corresponding SSL certificate, into the client keystore, at /opt/SUNWsgdg/proxy/etc/keystore.client. By default, this keystore contains a single self-signed certificate.

If the client keystore already has an entry, this command overwrites it. By default, a confirmation prompt is shown before overwriting the keystore entry.

To access the client keystore, this command uses the password in /opt/SUNWsgdg/etc/password. If this file is not present, the command prompts for a password.

The following table shows the available options for this command.




File containing the SSL private key. The key must be in Privacy Enhanced Mail (PEM) format.


Encoding algorithm used by the private key. Options are RSA and Digital Signature Algorithm (DSA). By default, RSA is selected.


SSL certificate file.


CA certificate or root certificate file.


Do not prompt before overwriting the entry in the client keystore.

To import a certificate chain, use the --cacertfile option to specify the Intermediate CA certificate. All certificates in the chain must be in PEM format.

If a certificate chain uses multiple CA certificates, combine all the CA certificates in the chain into a single file. The CA certificate used to sign the server certificate must appear first, for example:

...Intermediate CA's certificate...
...CA root certificate...


The following example imports an RSA-encoded SSL private key gateway1-ssl.key, and the corresponding SSL certificate gateway1-ssl.pem, into the client keystore.

# /opt/SUNWsgdg/bin/gateway sslkey import \
--keyfile gateway1-ssl.key \
--certfile gateway1-ssl.pem

The following example imports an RSA-encoded SSL private key and an SSL certificate chain into the client keystore. The Intermediate CA certificate is gateway1-ca.pem.

# /opt/SUNWsgdg/bin/gateway sslkey import \
--keyfile gateway1-ssl.key \
--certfile gateway1-ssl.pem \
--cafile gateway1-ca.pem