My Oracle Support Banner

How to Remove Expired Certificates within the Keytool Database Bundled with Secure Global Desktop to Resolve 'java.lang.Exception: Certificate not imported, alias already exists' Exceptions (Doc ID 1022246.1)

Last updated on JUNE 15, 2023

Applies to:

Oracle Secure Global Desktop - Version 4.4 to 5.2 [Release 4.0 to 5.0]
Oracle WebCenter Content - Version to [Release 12c]
All Platforms


While working through the documented instructions for securing webservices (SOAP) using x.509 security certificates within a Secure Global Desktop (SGD) deployment, the administrator may receive the following error from the keytool command:

keytool error: java.lang.Exception: Certificate not imported, alias <mykey> already exists

This error is reported by the Java keytool, a bundled utility included with the Secure Global Desktop product that is employed by the tomcat server to secure SOAP communications for the web services interface.   This condition is most likely encountered while the administrator is replacing previously installed security certificates that have expired with updated certificates—potentially leading to a naming collision for each server in the array. 

To resolve the issue, the administrator will need to identify any expired certificates that have been assigned to that host alias within the keytool database, and remove them.  This article explains how this is done.



To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.