
How Does Endpoint Communication with ICG Work?

Question

How does the communication pattern from the endpoint to the IGEL Cloud Gateway (ICG) work, including handshakes and certificates, given that the One-Time Password (OTP) enrollment/onboarding is used?

Answer

  1. The device is presented with the ICG certificate (or the chain) in the SSL handshake.

  2. By entering the communication token, the user confirms that this is the correct chain (or if it is a public CA, the trust is already established automatically).

  3. As a result, the SSL handshake is successful and an SSL tunnel is established to transfer the data.

  4. In the One-Time Password (OTP) case, the device sends the OTP with the request for enrollment, which the ICG/UMS can then use to authenticate/authorize the device.

  5. A client certificate is issued for the device during the enrollment.

  6. After enrollment, an mTLS connection is used when the websocket connection is established; the ICG/UMS can then authenticate/authorize the device using the client certificate.
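The two phases described in the steps above, sketched with Python's standard `ssl` module as an added example; this is not IGEL's code. The function names, the split into an "enrollment" and an "operation" policy, and the `OtpStore` class are hypothetical and only model the behaviour the steps describe.

```python
import hmac
import secrets
import ssl


def device_context(ca_file=None, cert_file=None, key_file=None):
    """Device-side TLS settings; the gateway chain is verified in every phase."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)  # CERT_REQUIRED + hostname check
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    if ca_file:                       # private chain the user confirmed (step 2)
        ctx.load_verify_locations(cafile=ca_file)
    else:                             # public CA: trust is already established
        ctx.load_default_certs()
    if cert_file:                     # after enrollment: present the client cert (step 6)
        ctx.load_cert_chain(cert_file, key_file)
    return ctx


def gateway_context(phase):
    """Gateway-side client-certificate policy per phase (assumed split)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    # Enrollment: the device has no certificate yet, so the OTP authenticates it.
    # Any other phase: mutual TLS, a handshake without a valid client cert fails.
    ctx.verify_mode = ssl.CERT_NONE if phase == "enrollment" else ssl.CERT_REQUIRED
    return ctx


class OtpStore:
    """Single-use OTPs keyed by device id (constructed model, not IGEL's)."""

    def __init__(self):
        self._pending = {}

    def issue(self, device_id):
        self._pending[device_id] = secrets.token_urlsafe(16)
        return self._pending[device_id]

    def redeem(self, device_id, otp):
        expected = self._pending.get(device_id)
        if expected is None or not hmac.compare_digest(expected, otp):
            return False
        del self._pending[device_id]  # consumed: a replayed OTP is rejected
        return True
```

A real gateway context also needs its own certificate (`load_cert_chain`) and, for the mTLS phase, the CA that signs device certificates (`load_verify_locations`); both are omitted so the sketch runs without key material.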
