
How to Renew a Signed Certificate for the ICG

When the signed certificate of your ICG installation is about to expire, you must renew it, that is, replace it with a newer certificate that is compatible with the current one. You can renew a certificate using the Update Keystore function of the UMS or locally on the machine hosting the ICG. Using the Update Keystore function of the UMS is recommended; this method is described in this article.


The new certificate is compatible if the following conditions are met:

  • The new certificate is issued from the same root certificate as the current certificate

  • The new certificate contains the same IP addresses or host names as the current certificate

  • The new certificate is a signed certificate
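
A pre-flight check for the three compatibility conditions above, as an added example that is not IGEL code. It assumes the current, new and root certificates are available as PEM files, that host names and IP addresses are stored as subjectAltName entries, and that "signed" means not self-signed; the function names are hypothetical, and `make_demo_pki` only builds constructed sample certificates.

```bash
#!/usr/bin/env bash
# Added example, not IGEL code. Assumes OpenSSL 1.1.1+ and PEM-encoded files.

# Sorted subjectAltName entries (host names and IP addresses) of certificate $1.
san_list() {
  openssl x509 -in "$1" -noout -ext subjectAltName 2>/dev/null |
    grep -Eo '(DNS|IP Address):[^,]+' | sed 's/ *$//' | sort -u
}

# Subject or issuer DN ($1) of certificate $2, without the leading label.
dn() { openssl x509 -in "$2" -noout "-$1" -nameopt RFC2253 | sed 's/^[a-z]*= *//'; }

# Usage: icg_cert_compatible CURRENT.pem NEW.pem ROOT.pem
# Prints one line per failed condition; returns 0 only if all three hold.
icg_cert_compatible() {
  local cur=$1 new=$2 root=$3 rc=0
  # 1. Same root: same issuer name, and the signature verifies against the root.
  if [ "$(dn issuer "$cur")" != "$(dn issuer "$new")" ] ||
     ! openssl verify -CAfile "$root" "$new" >/dev/null 2>&1; then
    echo "FAIL: new certificate is not issued from the current root"; rc=1
  fi
  # 2. Same host names / IP addresses (assumed to be stored as SAN entries).
  if [ -z "$(san_list "$new")" ] || [ "$(san_list "$cur")" != "$(san_list "$new")" ]; then
    echo "FAIL: host names or IP addresses differ from the current certificate"; rc=1
  fi
  # 3. Signed certificate, read here as "not self-signed" (subject != issuer).
  if [ "$(dn subject "$new")" = "$(dn issuer "$new")" ]; then
    echo "FAIL: new certificate is self-signed"; rc=1
  fi
  return "$rc"
}

# Constructed sample input: throwaway root and leaf certificates in directory $1.
make_demo_pki() {
  local d=$1 leaf n h
  openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=Demo Root" \
    -keyout "$d/root.key" -out "$d/root.pem" 2>/dev/null
  for leaf in current:icg.example.test renewed:icg.example.test wrongname:other.example.test; do
    n=${leaf%%:*}; h=${leaf#*:}
    printf 'subjectAltName=DNS:%s,IP:192.0.2.10\n' "$h" > "$d/$n.ext"
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$n" \
      -keyout "$d/$n.key" -out "$d/$n.csr" 2>/dev/null
    openssl x509 -req -in "$d/$n.csr" -CA "$d/root.pem" -CAkey "$d/root.key" \
      -CAcreateserial -days 1 -extfile "$d/$n.ext" -out "$d/$n.pem" 2>/dev/null
  done
}
```

Running the check before opening the Update Keystore wizard shows which condition a candidate certificate fails, rather than only that it is not offered for renewal.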

Creating a New Certificate

If you do not already have a new certificate:

  1. In the UMS Console, go to UMS Administration > Global Configuration > Certificate Management > Cloud Gateway.

  2. Open the context menu on the appropriate root certificate and select Create signed certificate.

  3. Fill in the certificate fields (most likely, the data will be the same as for the current certificate):

    • Displayname: Name of the certificate

    The display name in the server certificate must not be the same as in the root certificate.
    • Your first and last name: Name of the certificate holder

    • Your organization: Organization or company name

    • Your city or locality: Location

    • Your two-letter country code: ISO 3166 country code, e.g. US, UK or ES

    • Hostname and/or IP address of certificate target server: Same host name(s) or IP address(es) as in the current certificate.

    • Key: The Key Specification used for Cloud Gateway certificates. A default value is used and cannot be changed. The value is: RSA with Key Size of 4096 bits

    • Signature Algorithm: The Signature Algorithm used for Cloud Gateway certificates. A default value is used and cannot be changed. The value is SHA512withRSA

    • Valid until: Local date on which the certificate expires. (Default: one year from now)

    • Certificate Type: Select "End Entity".

  4. Click OK.



    The new certificate is shown.


Updating the Keystore

  1. In the UMS console, go to UMS Administration > UMS Network > IGEL Cloud Gateway.

  2. Select the ICG for which you want to renew the certificate and click Update Keystore.
    The Update Keystore wizard opens; it shows the certificates which can be used for renewal.

  3. Select the new certificate and click Next.

  4. Enter the SSH parameters:

    • SSH host: IP address or hostname under which the UMS can reach the ICG

    • SSH port: SSH port (Default: 22)

    • SSH user: The same user that has been used for the remote installer

  5. Select the Authentication method.

If you use Password as the Authentication method, enter the SSH password for the SSH user that exists at the ICG server (typically the same user that installed the ICG).


If you use SSH Key as the Authentication method, enter the SSH Keypath and the Admin Password (the sudo password).


  6. Click Next and wait for the keystore to update.

  7. When the update is finished, click Finish.

  8. Go to UMS Administration > Global Configuration > Certificate Management > Cloud Gateway and check that the Used flag is set for the new certificate.
