Configuring Secure ICAP by importing certificate CAS/ICAP Server to ProxySG
search cancel

Configuring Secure ICAP by importing certificate CAS/ICAP Server to ProxySG


Article ID: 170462


Updated On:


Content Analysis Software - CA ProxySG Software - SGOS


This article shows snapshots on how to configure the ProxySG to import a certificate from a ICAP server to establish a Secure ICAP connection


1. From the Content Analysis Server/ICAP, create a certificate. 

NOTE: Remember to match the Common Name(CN) of the certificate to the ICAP URL Hostname/IP address in the ProxySG ICAP settings. Example which will be referred to later as icap://


2. Download or save the certificate.


3. Open the certificate using a text pad editor and copy out the content, inclusive -----BEGIN CERTIFICATE----- until -------END CERTIFICATE-------


4. To import the certificate to the ProxySG, go to Configuration > SSL > CA Certificate. Click Import, give the certificate a name and paste the copied certificate from the text pad into the CA Certificate PEM window.


5. Add the created certificate into the CA Certificate List. Go to Configuration > SSL > CA Certificates, choose the second tab "CA Certificate Lists". 

Click New, look for the created certificate and move it to the right side of the window by clicking "Add>>". Click OK and Apply.



6. After adding into the CA Certificate List, link it to the Device Profiles. Go to Configuration > SSL > Device Profiles and Click New

- Give a name to the Device Profile

- Leave the Keyring as None

- Choose the CA Certificate List created earlier for the CCL

- Click OK and Apply


7. Finally link the Device Profiles with the Secure ICAP settings. Go to Configuration > Content Analysis > ICAP > Click New/Edit the existing ICAP

- Disable the plain ICAP

- Enable Secure ICAP and choose the Device Profile created earlier.

- Click OK and Apply.