How to import an external certificate in to the Management Center

book

Article ID: 168902

calendar_today

Updated On:

Products

Management Center

Issue/Introduction

If the Management Center is configured to access the internet via a Proxy SG an issue may occur if the SG is configured to intercept HTTPS connections. The proxy will send back a certificate that the Management Center does not know.

To stop this issue the certificate would need to be imported to the Management Center.
 

Resolution

The import process is done via the CLI on the Management Center so you will need to access the CLI and run the following commands:

enable

security ssl import external-certificate <name> <url>

<name> = the name you chose to give the certificate
<url> = this is the URL the Management Center will use to import the certificate

Example:

security ssl import external-certificate proxysgcert https://1.1.1.1:8082/SSL/Download_ca/keyring/default

The above example is for importing the Proxy SG units default certificate on to the Management Center as this is the certificate that is used for the SSL interception on the Proxy SG for this example.

Near the end of the import process a prompt will appear asking:

Are you sure you want to import this as a trusted certificate [Y/N]

If "Y" is selected the import process will complete if "N" is selected then it will not complete.