How to Renew the ICG Certificate
You can renew your IGEL Cloud Gateway (ICG) certificate using the ICG Keystore Update Wizard. The ICG Keystore Update Wizard simplifies the upload of a new keystore to the ICG server.
Prerequisites
UMS 5.09.100 or higher
An ICG keystore you wish to update
SSH root access to the host running the ICG; as of UMS 5.09.110, it is sufficient for the SSH user to have sudo privileges
Instructions
To update a keystore, proceed as follows:
Start the UMS Console.
Go to UMS Administration > Global Configuration > Certificate Management > Cloud Gateway.
If your signed certificate has expired, create a new signed certificate:
Select the appropriate root certificate, open the context menu and select Create signed certificate.
Enter the required data and click OK.
Select the signed certificate that is to be used. If you omit this step, an error message will be shown in the next step.
Go to UMS Administration > UMS Network > IGEL Cloud Gateway.
In the toolbar in the upper right, click
The Keystore Update wizard opens.
Select the keystore you want transfer to the ICG server, then click Next.
Enter the SSH connection parameters.
SSH host: The host the ICG is running on (Default:
localhost)SSH port: SSH port (Default:
22)
The SSH user needs to have at least sudo privileges. For more on how to grant privilege, seeGiving a User sudo Privileges .
Root access to the SSH server is a security risk!
If you permit root login for SSH, it is recommended to disable root login when the ICG installation has finished.
SSH user: SSH user
Authentication method: Password or SSH key
If you use Password as the Authentication method, enter the SSH password of an SSH user with sudo permissions (typically the same user that installed the ICG).
If you use SSH Key as the Authentication method, enter the SSH Keypath and the Admin Password (the sudo password).
Click Next to start the update process.
The keystore is being updated.
Click Finish.