Decrypts an encrypted private key so that you can use it with SGD. This enables you to use an SSL certificate that you are already using with another product such as a web server, rather than obtaining a separate SSL certificate for use exclusively with SGD.
tarantella security decryptkey --enckeyenckeyfile
--deckeydeckeyfile
[ --format PEM|DER ]
The following table shows the available options for this command.
Option | Description |
---|---|
| Specifies the location of the encrypted private key that you want to decrypt. Only keys encrypted by a product that uses SSLeay or OpenSSL certificate libraries can be decrypted.
You must specify the full path to the encrypted private
key file. The path must be readable by the
|
| Specifies a file where the decrypted key is stored. Note For security reasons, it is very important to restrict access to private keys, especially when stored in an unencrypted form. Access to private keys by unauthorized users can result in a serious security breach. Store private keys accordingly.
You must specify the full path to the decrypted key
file. The path must be readable by the
|
| Specifies the format the encrypted key is stored in. Defaults to PEM. |
You can only decrypt private keys that were originally encrypted by a product that uses SSLeay or OpenSSL certificate libraries.
See the Section D.87, “tarantella security certuse” command for information about how to share server SSL certificates in this way.
The following example decrypts the key
/opt/keys/key1
, which is stored in DER
format, placing the decrypted key in
/opt/keys/key2
.
# tarantella security decryptkey \ --enckey /opt/keys/key1 \ --deckey /opt/keys/key2 \ --format DER