Installing an Existing Certificate Chain for the ICG

You can use a certificate chain that is already used in your working environment. The certificate chain must contain a root CA certificate and an end certificate and may contain one or more intermediate CA certificates.

Overview

To make sure that your certificates can be used by your IGEL Cloud Gateway installation, see Certificate Requirements and Recommendations for the IGEL Cloud Gateway (ICG).

In the example described here, the following certificate chain is used:

• Root certificate

• Intermediate CA certificate

• End certificate 

When the certificate chain is in place, you can continue with Installing the IGEL Cloud Gateway.

With UMS 6.03 or higher, you can use the ICG remote installer for installing certificates. This procedure is described here. For the procedure with UMS 6.02 or lower, see the how-to How to Install an Existing ICG Certificate Chain in the IGEL UMS.

Importing the Root Certificate

The validity period of the root certificate should be as long as possible. When the root certificate expires, all certificates must be exchanged, and all devices must be registered anew.

1. In the UMS Console, go to UMS Administration > UMS Network > Igel Cloud Gateway.
   

2. In the toolbar in the upper right, click the  icon (Install new IGEL Cloud Gateway).
   

3. The ICG remote installer opens. Any existing ICG certificates are shown in the Certificates area.
     

4. Click  to import the root certificate.
   

5. Choose the CA's root certificate file (PEM format) and click Open.

   

   
   The CA's root certificate appears in the Certificates area.
   

   

6. Continue by importing the intermediate certificate.

Importing the Intermediate Certificate

1. In the ICG remote installer, select the CA certificate and click  to import the intermediate certificate that is signed with the CA certificate.
   

   

2. Choose the intermediate certificate file (PEM format) and click Open.

   

   
   When you click the arrow next to the root certificate, the intermediate certificate appears in the list.
   

   

3. Continue by importing the end certificate.

Importing the End Certificate

1. In the ICG remote installer, select the intermediate certificate and click  to import the end certificate that is signed with the intermediate certificate.
   

   

2. Choose the end certificate file (PEM format) and click Open.

   

3. Click the arrow symbol of the intermediate certificate nearest to the end certificate to make the end certificate appear.

   

4. Select the end certificate and click  to import the decrypted private key.

   

   

   If the private key is protected with a passphrase, you need to decrypt it using the OpenSSL command line tool: openssl rsa -in encrypted.key -out decrypted.key

5. Choose the decrypted private key file and click Open.

   

   
   If everything went well, a success message is shown.
   

   

6. Continue with Installing the IGEL Cloud Gateway.