Creating a Certificate for the ICG Using the IGEL UMS

To install the IGEL Cloud Gateway (ICG), you must provide a signed certificate. In order to generate a signed certificate, a root certificate must be generated first in the IGEL Universal Management Suite (UMS).

With UMS 6.03 or higher, you can use the ICG remote installer for creating certificates. This procedure is described here. For the procedure with UMS 6.02 or lower, see How to Create Certificates from an Existing Root Certificate.

Creating the Root Certificate

1. In the UMS Console, go to UMS Administration > UMS Network > Igel Cloud Gateway.
   

2. In the toolbar in the upper right, click the  icon (Install new IGEL Cloud Gateway).
   

3. The ICG remote installer opens. Any existing ICG certificates are shown in the Certificates area.  
   

4. Click to generate a root certificate.
   

5. Fill in the certificate fields:

   • Displayname: Name for the certificate; free text entry

   • Your organization: Organization or company name

   • Your city or locality: Location

   • Your two-letter country code: ISO 3166 country code, e.g. US, UK or ES

   • Valid until: Local date on which the certificate expires. (Default: 10 years from now)

     

     Make sure to define a long duration for the root certificate; 10 years or more are highly recommended. When the root certificate expires, all devices connected to the ICG must be registered again.

6. Click OK.

   

   
   A key pair and a certificate are generated.

   

   Generating keys may take substantial time on virtual machines (VMs), as these do not have a powerful (pseudo) random number source. On Linux VMs this can be improved by installing the haveged package.

   
   The CA's root certificate appears on the list.

   

   The CA is now ready to use.

Creating the Signed Certificate

1. Select the CA's root certificate and click to create a signed certificate.

   

2. Fill in the certificate fields:

• Display name: Name of the certificate

• Your first and last name: Name of the certificate holder

• Your organization: Organization or company name

• Your city or locality: Location

• Your two-letter country code: ISO 3166 country code, e.g. US, UK or ES

• Hostname and/or IP address of certificate target server: Hostname(s) or IP address(es) for which the certificate is valid. Multiple entries are allowed, separated by semicolons.

All IP addresses and hostnames by which the ICG will be reachable from within the company network or from outside must be provided here.

• Valid until: Local date on which this certificate expires. (Default: one year from now)

• Certificate Type: Select "End Entity".
  

3. Click OK.

A key pair and a certificate are generated.

Generating keys may take substantial time on virtual machines (VMs), as these do not have a powerful (pseudo) random number source. On Linux VMs, this can be improved by installing the haveged package.

The signed certificate appears on the list.

4. Continue with Installing the IGEL Cloud Gateway .