A keyring holds a keypair and a certificate, and can be used when configuring secure connections on the ProxySG. When a keyring is created, it only contains a keypair. You can associate a certificate with this keyring. If you have multiple certificates, you can configure multiple keyrings and associate the certificates and the keyrings.
The intended recipient of encrypted data generates a private/public keypair, and publishes the public key, keeping the private key secret. The sender encrypts the data with the recipient's public key, and sends the encrypted data to the recipient. The recipient uses the corresponding private key to decrypt the data.
For two-way encrypted communication, the endpoints can exchange public keys, or one endpoint can choose a symmetric encryption key, encrypt it with the other endpoint's public key, and send it.
A keyring contains a public/private keypair. It can also contain a certificate signing request or a signed certificate.