Importing a CA Certificate into the ProxySG Appliance

book

Article ID: 166596

calendar_today

Updated On:

Products

ProxySG Software - SGOS

Issue/Introduction

A CA Certificate is a certificate that verifies the identity of a Certificate Authority.
 
The certificate is used by the ProxySG to verify server and client certificates.

Resolution

To import an approved CA certificate:

 
  1. Copy the certificate which was saved from the client browser in PEM format to the clipboard.
  2. Select Configuration > SSL > CA Certificates > CA Certificates.
  3. Click Import.
  4. Name the certificate.
  5. Paste the signed CA Certificate into the Import CA Certificate field.
  6. Click OK.
  7. Select Configuration > SSL > CA Certificates > CA Certificate Lists -> browser-trusted
  8. Click Edit.
  9. Select the newly added CA certificate on the left and then click ADD>>.
  10. Click OK  and apply the changes.
 
To view a CA certificate:
 
  1. Select Configuration > SSL > CA Certificates > CA Certificates.
  2. Select the certificate you want to view.
  3. Click View. Examine the contents and click Close.
 
To delete a CA certificate:
 
  1. Select Configuration > SSL > CA Certificates > CA Certificates.
  2. Select the certificate to delete.
  3. Click Delete.
  4. Click OK.
 
Note: Spaces in CA Certificate names are not supported. Including a space can cause unexpected errors while using such certificates.
 
-----------------------------------------------------------------------------------------------------
 
Steps for saving CA certifcate from Firefox, as an example :
 
  1. After going to an HTTPS site, click on the 'lock' icon on the right bottom of the browser.
  2. Click View Certificate ->Details.
  3. Select the CA certificate under Certificate Hierarchy.
  4. Click Export and save it as X.509 Certificate (PEM).
  5. Open the Saved file in a text editor and copy the certifacate including both the --BEGIN CERTIFICATE--and --END CERTIFICATE-- lines to the clipboard.
  6. Now, the follow the steps mentioned above under "Importing a CA Certificate to the proxy."
 
Note: Depending on the Web browser versions, the above steps could vary.