Importing Your Existing Private CA Files into the UMS
In UMS Console go to UMS Administration > Global Configuration > Cloud Gateway Options.
In the Certificates section, click to import the root certificate.
Choose the CA's root certificate file (PEM format) and click Open. The CA's root certificate appears in the list.
Right-click the CA's root certificate and select Import decrypted private key.
If the private key is protected with a passphrase, you need to decrypt it using the OpenSSL command line tool: openssl rsa -in encrypted.key -out decrypted.key
Choose the decrypted private key file and click Open. If everything went well, a success message is shown. The CA is now ready to use.
Creating a Signed Certificate
Right-click the CA's root certificate and select Create signed certificate.
Fill in the certificate fields:
Display name: Name of the certificate
Your first and last name: Name of the certificate holder
Your organization: Organization or company name
Your city or locality: Location
Your two-letter country code:ISO 3166 country code, e.g. US, UK or ES
Hostname and/or IP address of certificate target server: Host name(s) or IP address(es) for which the certificate is valid. Multiple entries are allowed, separated by semicolons.
All IP addresses and host names by which the ICG will be reachable from within the company network or from outside must be provided here.
Valid until: Local date on which this certifcate expires. (Default: one year from now)
Certificate Type: Select "End Entity".
Click OK. A key pair and a certificate are generated.
Generating keys may take substantial time on virtual machines (VMs), as these do not have a powerful (pseudo) random number source. On Linux VMs this can be improved by installing the haveged package.
