Importing a certificate generated by other devices for intercepting reverse proxy



You want to configure a reverse proxy deployment using a certificated generated on a backend server and submitted to the CA for signing. You must import the certificate onto the ProxySG.


1. Make sure you have the following ready:

> Private key of the certificate. This should be in the PEM format (when you open this in a notepad, it should begin with "BEGIN RSA PRIVATE KEY" and end with "END RSA PRIVATE KEY").

> The certificate. This should be in the PEM format (when you open this in a notepad, it should begin with "BEGIN CERTIFICATE" and end with "END CERTIFICATE").

> SSL license on the SG.


2. Create a new keyring, making sure to select the 'Import keyring' option as described in the following steps:

Go to Configuration > SSL > Keyrings > Click on the "Create" button.

Enter a name for the keyring.

Select the following options:

- Show keypair

- Import keyring

Copy the private key into the "Keyring" text box.

Select the "Keyring password" option box and enter the private key password (if any).

Click OK.

Click Apply.


3. Import the certificate into the new keyring:

Highlight the new keyring that you created in Step 2 above.

Click the "Edit" button.

Under the "Certificate" section, click the "Import" button.

Copy the certificate into the "Import certificate" text box.

Click OK.

Click Close.

Click Apply.


4. Choose the keyring that you created above under the 'HTTPS Reverse Proxy' for the backend server.

Go to Configuration >  Services > Proxy Services > Edit the service (with the assumption that the 'HTTPS Reverse Proxy' service already been created).

Under the 'Proxy settings' section > Keyring >  Choose the keyring that you created on the steps above.

Click OK.

Click Apply.

Additional Information
Bug Number
InQuira Doc IdKB4155

Article Feedback

Did this Article solve your issue?
Additional Comments:
Previous MonthNext Month