Imports an SSL key and certificate into the client keystore.
gateway sslkey import --keyfilekey-file
[ --keyalg RSA|DSA ] { --certfilecert-file
| --certfilecert-file..
[ --cacertfileca-cert-file
] } [ --alwaysoverwrite ]
Imports an SSL private key, and the corresponding SSL certificate,
into the client keystore, at
/opt/SUNWsgdg/proxy/etc/keystore.client
. By
default, this keystore contains a single self-signed certificate.
If the client keystore already has an entry, this command overwrites it. By default, a confirmation prompt is shown before overwriting the keystore entry.
To access the client keystore, this command uses the password in
/opt/SUNWsgdg/etc/password
. If this file is not
present, the command prompts for a password.
The following table shows the available options for this command.
Option | Description |
---|---|
| File containing the SSL private key. The key must be in Privacy Enhanced Mail (PEM) format. |
| Encoding algorithm used by the private key. Options are RSA and Digital Signature Algorithm (DSA). By default, RSA is selected. |
| SSL certificate file. |
| CA certificate or root certificate file. |
| Do not prompt before overwriting the entry in the client keystore. |
To import a certificate chain, use the
--cacertfile
option to specify the Intermediate
CA certificate. All certificates in the chain must be in PEM
format.
If a certificate chain uses multiple CA certificates, combine all the CA certificates in the chain into a single file. The CA certificate used to sign the server certificate must appear first, for example:
-----BEGIN CERTIFICATE----- ...Intermediate CA's certificate
... -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- ...CA root certificate
... -----END CERTIFICATE-----
The following example imports an RSA-encoded SSL private key
gateway1-ssl.key
, and the corresponding SSL
certificate gateway1-ssl.pem
, into the client
keystore.
# /opt/SUNWsgdg/bin/gateway sslkey import \ --keyfile gateway1-ssl.key \ --certfile gateway1-ssl.pem
The following example imports an RSA-encoded SSL private key and
an SSL certificate chain into the client keystore. The
Intermediate CA certificate is
gateway1-ca.pem
.
# /opt/SUNWsgdg/bin/gateway sslkey import \ --keyfile gateway1-ssl.key \ --certfile gateway1-ssl.pem \ --cafile gateway1-ca.pem