Running Your Own Private CA with UMS

Importing Your Existing Private CA Files into UMS

The following files are needed:

Importing your existing private CA files into the UMS:

  1. In UMS Console go to UMS Administration > Global Configuration > Gateway Options.
  2. In the Certificates section, click the import icon to import the root certificate.
  3. Choose the CA's root certificate file (in PEM format).

    The CA's root certificate appears in the list.

  4. Right-click the CA's root certificate and select Import decrypted private key.

    If the private key is protected with a passphrase, you need to decrypt it first using the OpenSSL command-line tool:

    openssl rsa -in encrypted.key -out decrypted.key

  5. Choose the decrypted private key file.

    The CA is now ready to use.

  6. Right-click the CA's root certificate and select Create signed certificate.
  7. Fill in the certificate fields:

    All IP addresses and host names by which the ICG will be reachable from within the company network or from outside must be provided here.

  8. Click OK.

    A key pair and a certificate are generated.

    The signed certificate appears in the list.

    Generating keys may take substantial time on virtual machines (VMs), as these do not have a powerful (pseudo) random number source.

    On Linux VMs this can be improved by installing the haveged package.

  9. Right-click the signed certificate and select Export certificate chain in IGEL Cloud Gateway Keystore Format.

    The file keystore.icg is created. This file will be required for the gateway.

  10. Save the keystore.icg file.
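
Before steps 3 to 5, the CA files can be checked from a shell. The following is an added example, not part of UMS or its documentation: it confirms that the key file is no longer passphrase-protected and that it belongs to the root certificate, and it writes the decrypted key readable by its owner only. The function names and the file names ca.crt and decrypted.key are assumptions.

```shell
#!/bin/sh
# Added example: pre-import checks for the CA files named in the steps above.
# Function and file names are assumptions, not part of UMS.

# True when the PEM key file is still passphrase-protected
# (PKCS#8 header or traditional "Proc-Type" header).
key_is_encrypted() {
    grep -Eq '^(-----BEGIN ENCRYPTED PRIVATE KEY-----|Proc-Type: 4,ENCRYPTED)' "$1"
}

# Decrypt as in step 4, but create the output readable by the owner only.
# $3 is an OpenSSL pass phrase source such as file:/path or env:VAR.
decrypt_key() {
    ( umask 077 && openssl rsa -in "$1" -out "$2" -passin "$3" 2>/dev/null )
}

# True when certificate $1 and unencrypted private key $2 share a public key.
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    # "-passin pass:" makes an encrypted key fail instead of prompting.
    key_pub=$(openssl pkey -in "$2" -pubout -passin pass: 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Returns 0 = ready to import, 1 = key still encrypted, 2 = key/cert mismatch.
preflight() {
    if key_is_encrypted "$2"; then
        echo "key is still encrypted; decrypt it first" >&2; return 1
    fi
    if ! key_matches_cert "$1" "$2"; then
        echo "private key does not belong to this certificate" >&2; return 2
    fi
    echo "OK: $2 matches $1"
}

# Usage: sh preflight.sh ca.crt decrypted.key
if [ "$#" -eq 2 ]; then preflight "$1" "$2"; fi
```

The decrypted key file holds the CA private key in plaintext, so delete it once step 5 has completed.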