Menu path: UMS Administration > Global Configuration > IGEL Cloud Gateway

Here you can create and manage ICG certificates and first-authentication keys for connecting devices via IGEL Cloud Gateway (ICG).

For details of how to set up all components for a connection to the ICG, read Installation and Setup.

Certificates

Generate root certificate

Import root certificate

Generate signed certificate

Delete certificate

Export certificate chain in the IGEL Cloud Gateway Keystore format

Show content of the certificate

Navigate to ICG instance view

Generate root certificate

  • Displayname: Name in the root certificate (common name, CN).
  • Your organization: Organization, company, government agency.
  • Your city or district: The location of the organization.
  • Your two-letter country code: ISO 3166 country code, e.g. DE for Germany.
  • Valid until: Local date on which the certificate expires. (Default: in 10 years)

Import root certificate

  • The file selection window opens, allowing you to select the certificate file, which must be in PEM format.

Generate a signed certificate

  • Name: Name in the certificate (common name, CN).

  • Your first name and surname: Name of the certificate holder.
  • Your organization: Organization, company, government agency.
  • Your city or district: The location of the organization.

    The name in a signed certificate must be different from the name in the root certificate with which it is signed. If the names are the same, the UMS shows a warning: Invalid Certificate

  • Your country code (two letters): ISO 3166 country code, e.g. DE for Germany.
  • Host name and/or IP of the target server for the certificate: Host name(s) and IP address(es) for which the certificate is valid. Multiple entries should be separated by a semicolon. To generate a wildcard certificate, use the asterisk, e.g. *.example.com.
  • Valid until: Local date on which the certificate expires. (Default: in a year)
  • Certificate type
    Possible options:
    - CA Certificate: The certificate can be used to sign other certificates, but it cannot be used by the ICG.
    - End Entity: The certificate can be used by the ICG, but it cannot be used to sign other certificates.

Context menu (root certificate)

  • Generate signed certificate: Collects the certificate data and signs it with the selected root certificate.
  • Import signed certificate: Imports a certificate in PEM format that was already signed outside the UMS by the imported CA.
  • Import decrypted private key: Imports a private key file.

    If the private key is protected with a passphrase, you must decrypt it on the command line with OpenSSL before importing it:

    openssl rsa -in encrypted.key -out decrypted.key

  • Delete certificate: Deletes the certificate from the UMS.
  • Export certificate chain in the IGEL Cloud Gateway Keystore format: Produces a file for the ICG installation program.
  • Export certificate: Exports the certificate file in PEM format.
  • Show content of the certificate: Shows the content of the certificate in a text window.

First-authentication Keys

Create new one-time passwords

Delete logon data

Disable logon data

Enable logon data

Send one-time passwords via mail

Export one-time passwords (in XML, HTML or CSV format)

Allows you to copy one-time passwords to the clipboard

If you send one-time passwords via mail, anyone who can read the mail can log in to the IGEL Cloud Gateway. It is advisable to combine sending via mail with a link to unit IDs.

Create new first-authentication keys

You have the following options here:

  • Create new one-time keys
    • Quantity: Desired number of passwords to be created
  • Create new one-time passwords associated with a device
    • Unit ID
      - Add: Adds unit ID entered in the text field to the list.
      - Select: Selects from the devices in the UMS structure tree.
      - Import: Reads in a CSV file with unit IDs.
  • Create new mass-deployment key
    • Generate random mass-deployment key:

      A random multiple-time password will be generated. (Default)

      You can enter the desired password yourself.