Import a Private Key
You can import an existing certificate chain and private key from a PKCS#12 file into the keystore.
You can import an existing certificate chain and private key from a PKCS#12 file into the
Layer7 API Gatewaykeystore.
If the Gateway uses a nCipher nShield HSM, you cannot import a key when the security world complies with FIPS 140-2 level 3.
After you import a private key in a Gateway cluster configured with an internal Hardware Security Module (HSM), you must restart all nodes in the cluster in order for the imported private key to be recognized.
To import a private key:
- In the Policy Manager, select[Tasks] > Certificates, Keys, and Secrets > Manage Private Keysfrom the Main Menu. The Manage Private Keys dialog appears.
- Click [Import]. You are prompted to identify the new private key with an alias.
- Enter a description of the new private key as the alias. You are then prompted for the certificate file.
- Navigate to the PKCS#12 certificate file and then click [Load].
- Enter the pass phrase for the private key and then click [OK]. The imported private key is added to the list.
You are warned if the certificate chain of the private key being imported contains any certificate that is either:
- not yet valid
- contains an Issuer DN that does not match the Subject DN of the next certificate in the chain
- contains a signature that does not verify using the public key of the next certificate in the chain