Skip to main content
Skip table of contents

Updating Expired ICG Keystores

Security Warning

Never replace a root certificate!

The thin clients trust the root certificate. If the root certificate is replaced, the thin clients need to be reregistered with the UMS!

You can update an expired ICG keystore either manually or using the ICG Keystore Update wizard.

To update a keystore manually:

  1. Start the UMS Console.

  2. Under UMS Administration, go to Global Configuration > Certificate Management > Cloud Gateway.

  3. Right-click the keystore; from the context menu, choose Create signed certificate.

  4. Right-click your newly created certificate; from the context menu, choose Export certificate chain to IGEL Cloud Gateway keystore format.

  5. Now transfer the keystore.icg keystore file to the ICG host.

  6. Run /opt/IGEL/icg/keystore_update keystore.icg as root. 


    • Install python to run (if python is not installed you will get an error)
    • To install python use sudo apt install python

    The keystore will be replaced with the new one.
    Reboot the ICG manually.
    The UMS and the devices will automatically reconnect to the ICG.

To update a keystore using the ICG Keystore Update Wizard:

The ICG Keystore Update wizard introduced in UMS 5.09.100 offers a more convenient method to update an expired keystore.

See How to Renew the ICG Certificate.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.