Import SSL certificate and private key from one Edge SWG (ProxySG) to another.
search cancel

Import SSL certificate and private key from one Edge SWG (ProxySG) to another.

book

Article ID: 166133

calendar_today

Updated On:

Products

ProxySG Software - SGOS ISG Proxy Advanced Secure Gateway Software - ASG

Issue/Introduction

Need to migrate an SSL certificate and private key to another Edge SWG (ProxySG) appliance.

Import SSL Cert & private key via management console (option A)
Import SSL Cert & private key via CLI (option B)

Resolution

Export From Proxy, (where you have the working Certificate) copy the Private Key and Certificate:

1. Login to management console and navigate to Configuration > SSL > Keyrings.
2. Select the keyring/certificate, and click on Edit.
3. Copy the certificate to a notepad file (including the lines containing -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----).
4. Export the private key from the original Edge SWG (ProxySG). To get the private key, login to the CLI and type the following commands:
     >enable
     #conf t
     #(config)ssl
     #(config ssl)view keypair unencrypted <keyring-name>
                          *This will display the private key if showable
5. Copy that output into a notepad including the lines containing BEGIN RSA PRIVATE KEY and END RSA PRIVATE KEY.

Import to Proxy (Option A, Management Console):

1. Navigate to Configuration > SSL > Keyrings, and Create a new keyring.
2. Give it the same name as the certificate from source Proxy
3. Choose Show key pair
4. Select Import existing private key, then copy the private key from the notepad and click Paste from clipboard.
5. If the private key has a password,  enter that as well; otherwise, untick the Password check box.
6. Click OK and Apply to finish creating of the keyring.
7. Select the new keyring, and click Edit.
8. In the Certificate window, copy the certificate from notepad and select Import > Paste from clipboard
9. Click OK, Close, Apply

Import to Proxy (Option B, CLI):

1. Import private key & certificate
     >enable
     #conf t
     #(config)ssl
     #(config ssl)inline keyring show <keyring-name> eof                         *copy both Private Key & Certificate, example below
      -----BEGIN RSA PRIVATE KEY-----
      MIIEpAIBAAKCAQEAwWF8oTq3xKb8ty4IoS9U9v42yBG99u6533HE0J4joLfSAArS
        ***EXAMPLE***
      IdX+A6SvNhpECa6iLAGx/dBi/nkwPrzY2G/3oxAHqx49J43m9osg6g==
      -----END RSA PRIVATE KEY-----
      -----BEGIN CERTIFICATE-----
      MIID1TCCAr2gAwIBAgIEMgOc3DANBgkqhkiG9w0BAQsFADBSMQswCQYDVQQGEwJV
        ***EXAMPLE***
      xdDlcvOHOvvDaCHfSugjtsX2gwjrBQgaSRpTY2pjQBZgEJPChyvZehKXyAD6WUQ1
      hnoZy8SqBKugP3Tqg8uyYzln6oFZ23UMoQ==
      -----END CERTIFICATE-----
      eof
2. Validate import
     proxy#(config ssl)view keyring <keyring-name>

Powered by Wolken Software