Overview

You can use a certificate chain that is already used in your working environment. The certificate chain must contain a root CA certificate and an end certificate and may contain one or more intermediate CA certificates.

To make sure that your certificates can be used by your IGEL Cloud Gateway installation, see Certificate Requirements and Recommendations for the IGEL Cloud Gateway (ICG).

In the example described here, the following certificate chain is used:

  • Root certificate
  • Intermediate CA certificate
  • End certificate 

When the certificate chain is in place, you can continue with Installing the IGEL Cloud Gateway.

Importing the Root Certificate

The validity period of the root certificate should be as long as possible. When the root certificate expires, all certificates must be exchanged, and all devices must be registered anew.

  1. In the UMS Console, go to UMS Administration > Global Configuration > Cloud Gateway Options.
  2. In the Certificates section, click  to import the root certificate.
  3. Choose the CA's root certificate file (PEM format) and click Open.

    The CA's root certificate appears in the list.

Importing the Intermediate Certificate

  1. In the UMS Console, go to UMS Administration > Global Configuration > Cloud Gateway Options.
  2. Open the context menu of the root certificate and select Import signed certificate.
  3. Choose the intermediate certificate file (PEM format) and click Open.

    The intermediate certificate appears in the list.

Importing the End Certificate

  1. In the UMS Console, go to UMS Administration > Global Configuration > Cloud Gateway Options.
  2. Open the context menu of the intermediate certificate nearest to the end certificate and select Import signed certificate.
  3. Choose the end certificate file (PEM format) and click Open.
  4. Click the arrow symbol of the intermediate certificate nearest to the end certificate to make the end certificate appear.
  5. Right-click the end certificate and select Import decrypted private key.


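    If the private key is protected with a passphrase, you must first decrypt it using the OpenSSL command line tool: openssl rsa -in encrypted.key -out decrypted.key
    The resulting decrypted.key contains the private key in unencrypted form, so restrict access to the file and delete it once the import has succeeded.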

  6. Choose the decrypted private key file and click Open.

    If everything went well, a success message is shown.
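
Before starting the import, the three PEM files and the decrypted key can be checked with OpenSSL so that a broken chain or a mismatched key is caught outside the UMS Console. This is an added example, not part of the original documentation; the function names and file names are hypothetical, and it assumes OpenSSL 1.1.0 or later.

```sh
#!/bin/sh
# Added example: pre-import checks for the PEM files used in the steps above.
# Function and file names are hypothetical; assumes OpenSSL 1.1.0 or later.

# Succeeds if the root certificate stays valid for at least <days> more days.
root_valid_for() {  # usage: root_valid_for <days> root.pem
    openssl x509 -in "$2" -noout -checkend "$(( $1 * 86400 ))" >/dev/null 2>&1
}

# Succeeds only if end <- intermediate <- root verifies; -no-CApath keeps the
# system trust store out, so only the supplied root can anchor the chain.
chain_ok() {  # usage: chain_ok root.pem intermediate.pem end.pem
    openssl verify -no-CApath -CAfile "$1" -untrusted "$2" "$3" >/dev/null 2>&1
}

# Succeeds if the key file is still passphrase-protected (PKCS#8 or traditional PEM).
key_encrypted() {  # usage: key_encrypted key.pem
    grep -Eq '^(-----BEGIN ENCRYPTED PRIVATE KEY-----|Proc-Type: 4,ENCRYPTED)' "$1"
}

# Succeeds if the private key belongs to the certificate (same public key).
key_matches_cert() {  # usage: key_matches_cert end.pem decrypted.key
    c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    k=$(openssl pkey -in "$2" -pubout -passin pass: 2>/dev/null) || return 1
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# Runs all checks; the return code identifies the first one that failed.
preflight() {  # usage: preflight root.pem intermediate.pem end.pem decrypted.key
    chain_ok "$1" "$2" "$3" || { echo "chain does not verify"; return 1; }
    if key_encrypted "$4"; then echo "key is still encrypted"; return 2; fi
    key_matches_cert "$3" "$4" || { echo "key does not match end certificate"; return 3; }
    root_valid_for 365 "$1" || echo "warning: root certificate expires within a year"
    echo "ok: chain verifies, key is decrypted and matches the end certificate"
}

# When called with the four file names, run the checks directly.
if [ "$#" -eq 4 ]; then preflight "$@"; fi
```

Saved under a name of your choice, the script takes the root, intermediate and end certificate files followed by the decrypted key file as its four arguments.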