How to Remove Expired Certificates within the Keytool Database Bundled with Secure Global Desktop to Resolve 'java.lang.Exception: Certificate not imported, alias already exists' Exceptions (Doc ID 1022246.1)

Last updated on MAY 29, 2017

Applies to:

Oracle Secure Global Desktop - Version 4.4 to 5.2 [Release 4.0 to 5.0]
All Platforms
***Checked for relevance on 01-Jul-2014***

Symptoms

While working through the documented instructions for securing webservices (SOAP) using x.509 security certificates within a Secure Global Desktop (SGD) deployment, the administrator may receive the following error from the keytool command:

keytool error: java.lang.Exception: Certificate not imported, alias <mykey> already exists

This error is reported by the Java keytool, a bundled utility included with the Secure Global Desktop product that is employed by the tomcat server to secure SOAP communications for the web services interface.   This condition is most likely encountered while the administrator is replacing previously installed security certificates that have expired with updated certificates—potentially leading to a naming collision for each server in the array. 

To resolve the issue, the administrator will need to identify any expired certificates that have been assigned to that host alias within the keytool database, and remove them.  This article explains how this is done.

 

Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms