How to import an external certificate in to the Management Center
Article ID: 168902
Updated On:
Products
Management Center
Issue/Introduction
If the Management Center is configured to access the internet via a Proxy SG an issue may occur if the SG is configured to intercept HTTPS connections. The proxy will send back a certificate that the Management Center does not know.
To stop this issue the certificate would need to be imported to the Management Center.
To stop this issue the certificate would need to be imported to the Management Center.
Resolution
The import process is done via the CLI on the Management Center so you will need to access the CLI and run the following commands:
enable
security ssl import external-certificate <name> <url>
<name> = the name you chose to give the certificate
<url> = this is the URL the Management Center will use to import the certificate
Example:
security ssl import external-certificate proxysgcert https://1.1.1.1:8082/SSL/Download_ca/keyring/default
The above example is for importing the Proxy SG units default certificate on to the Management Center as this is the certificate that is used for the SSL interception on the Proxy SG for this example.
Near the end of the import process a prompt will appear asking:
Are you sure you want to import this as a trusted certificate [Y/N]
If "Y" is selected the import process will complete if "N" is selected then it will not complete.
enable
security ssl import external-certificate <name> <url>
<name> = the name you chose to give the certificate
<url> = this is the URL the Management Center will use to import the certificate
Example:
security ssl import external-certificate proxysgcert https://1.1.1.1:8082/SSL/Download_ca/keyring/default
The above example is for importing the Proxy SG units default certificate on to the Management Center as this is the certificate that is used for the SSL interception on the Proxy SG for this example.
Near the end of the import process a prompt will appear asking:
Are you sure you want to import this as a trusted certificate [Y/N]
If "Y" is selected the import process will complete if "N" is selected then it will not complete.
Feedback
Powered by
