Import a Private Key

You can import an existing certificate chain and private key from a PKCS#12 file into the Layer7 API Gateway keystore.
If the Gateway uses an nCipher nShield HSM, you cannot import a key when the security world complies with FIPS 140-2 level 3.
After you import a private key in a Gateway cluster configured with an internal Hardware Security Module (HSM), you must restart all nodes in the cluster for the imported private key to be recognized.
To import a private key:
  1. In the Policy Manager, select [Tasks] > Certificates, Keys, and Secrets > Manage Private Keys from the Main Menu. The Manage Private Keys dialog appears.
  2. Click [Import]. You are prompted to identify the new private key with an alias.
  3. Enter a description of the new private key as the alias. You are then prompted for the certificate file.
  4. Navigate to the PKCS#12 certificate file and then click [Load].
  5. Enter the pass phrase for the private key and then click [OK]. The imported private key is added to the list.
You are warned if the certificate chain of the private key being imported contains any certificate that:
  • has expired
  • is not yet valid
  • contains an Issuer DN that does not match the Subject DN of the next certificate in the chain
  • contains a signature that does not verify using the public key of the next certificate in the chain
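
To catch these four conditions before you start the import, you can run a check like the following over the PKCS#12 file. This is an added example, not part of the product documentation or the Gateway's own code. It assumes the Python `cryptography` package, a PKCS#12 file that stores the chain leaf first, and RSA PKCS#1 v1.5 or ECDSA signatures; the function names are hypothetical.

```python
import datetime
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives.asymmetric import ec, padding, rsa
from cryptography.hazmat.primitives.serialization import pkcs12

def load_chain(p12_bytes, passphrase):
    """Certificates from a PKCS#12 blob, leaf first (assumes file order is chain order)."""
    _key, leaf, extra = pkcs12.load_key_and_certificates(p12_bytes, passphrase)
    return [c for c in (leaf, *extra) if c is not None]

def _validity(cert):
    try:
        return cert.not_valid_before_utc, cert.not_valid_after_utc
    except AttributeError:  # older cryptography releases: naive UTC datetimes
        utc = datetime.timezone.utc
        return (cert.not_valid_before.replace(tzinfo=utc),
                cert.not_valid_after.replace(tzinfo=utc))

def _signed_by(cert, issuer):
    """True if issuer's public key verifies cert's signature (RSA PKCS#1 v1.5 or ECDSA)."""
    pub, args = issuer.public_key(), (cert.signature, cert.tbs_certificate_bytes)
    try:
        if isinstance(pub, rsa.RSAPublicKey):
            pub.verify(*args, padding.PKCS1v15(), cert.signature_hash_algorithm)
        elif isinstance(pub, ec.EllipticCurvePublicKey):
            pub.verify(*args, ec.ECDSA(cert.signature_hash_algorithm))
        else:
            return False  # other key types are not handled in this example
    except InvalidSignature:
        return False
    return True

def chain_warnings(chain, now=None):
    """(index, condition) pairs for the four conditions listed above."""
    now = now or datetime.datetime.now(datetime.timezone.utc)
    found = []
    for i, cert in enumerate(chain):
        start, end = _validity(cert)
        if now > end:
            found.append((i, "expired"))
        if now < start:
            found.append((i, "not yet valid"))
        if i + 1 < len(chain):  # the last certificate has no "next" to compare with
            nxt = chain[i + 1]
            if cert.issuer != nxt.subject:
                found.append((i, "issuer DN mismatch"))
            if not _signed_by(cert, nxt):
                found.append((i, "signature does not verify"))
    return found
```

An empty list from `chain_warnings(load_chain(data, passphrase))` means none of the four conditions was found; index 0 is the certificate that belongs to the private key.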