(new related group 1)

Licensing ICG

Voriges Thema

Nächstes Thema

Generating an ICG Certificate

In order to provide an encrypted network connection and for authentication, ICG needs a TLS/SSL certificate. UMS in version 5.06.100 and newer lets you create your own root certificate and sign the ICG server certificate with it.

For other certificate options refer to the How-To Managing ICG Certificates with UMS.

  1. In UMS Console go to UMS Administration > Global Configuration > Cloud Gateway Options.
  2. In the Certificates section, click cert-icon_0_1 to generate a root certificate.
  3. Fill in the certificate fields:
  4. Click OK.

    A key pair and a certificate are generated.

    Generating keys may take substantial time on virtual machines (VMs), as these do not have a powerful (pseudo) random number source.

    On Linux VMs this can be improved by installing the haveged package.

    The CA's root certificate appears in the list.

    The CA is now ready to use.

  5. Right-click the CA's root certificate and select Create signed certificate.
  6. Fill in the certificate fields:

    The display name in the server certificate must not be the same as in the root certficate.

    All IP addresses and host names by which the ICG will be reachable from within the company network or from outside must be provided here.

    Example:

    192.30.30.1;IGEL.COM;TEST123.DE

  7. Click OK.

    A key pair and a certificate are generated.

    The signed certificate appears in the list.

  8. Right-click the signed certificate and select Export certificate chain to IGEL Cloud Gateway keystore format.

    The file keystore.icg is created. This file will be required for the gateway.

  9. Save the keystore.icg file.