Importing a certificate generated by other devices for intercepting reverse proxy


<< Back to Knowledge Search

Solution

Overview

You want to configure a reverse proxy deployment using a certificated generated on a backend server and submitted to the CA for signing. You must import the certificate onto the ProxySG.

Cause
Resolution

1. Make sure you have the following ready:

> Private key of the certificate. This should be in the PEM format (when you open this in a notepad, it should begin with "BEGIN RSA PRIVATE KEY" and end with "END RSA PRIVATE KEY").

> The certificate. This should be in the PEM format (when you open this in a notepad, it should begin with "BEGIN CERTIFICATE" and end with "END CERTIFICATE").

> SSL license on the SG.

 

2. Create a new keyring, making sure to select the 'Import keyring' option as described in the following steps:

Go to Configuration > SSL > Keyrings > Click on the "Create" button.

Enter a name for the keyring.

Select the following options:

- Show keypair

- Import keyring

Copy the private key into the "Keyring" text box.

Select the "Keyring password" option box and enter the private key password (if any).

Click OK.

Click Apply.

 

3. Import the certificate into the new keyring:

Highlight the new keyring that you created in Step 2 above.

Click the "Edit" button.

Under the "Certificate" section, click the "Import" button.

Copy the certificate into the "Import certificate" text box.

Click OK.

Click Close.

Click Apply.

 

4. Choose the keyring that you created above under the 'HTTPS Reverse Proxy' for the backend server.

Go to Configuration >  Services > Proxy Services > Edit the service (with the assumption that the 'HTTPS Reverse Proxy' service already been created).

Under the 'Proxy settings' section > Keyring >  Choose the keyring that you created on the steps above.

Click OK.

Click Apply.

Workaround
Additional Information
Bug Number
InQuira Doc IdKB4155
Attachment

Article Feedback

Hide Properties
First Published      10/01/2014
Last Modified      10/01/2014
Last Published      10/01/2014
Article Audience
Product      ProxySG
Software      SGOS 5, SGOS 6
Topic      SSL / HTTPS
Article Number      000011790
Summary     
Was this helpful?
Comments:
 
Previous MonthNext Month
SunMonTueWedThuFriSat