To transfer the keyring from one ProxySG to another you need to complete the following steps.
b. In the WebUI Go to Management Console > Configuration Tab > SSL > Keyrings
c. Click the Create button
d. Type a name in the Keyring Name field (ex: CA_Cert)
e. Click OK (if you leave the default setting of "Do not Show Key Pair" you will not be able to copy this keyring to a new device if you should need to in the future)
2. Retrieve private key from proxy SG
a. login to the CLI and type the following commands:
enable <your keyring-name (ex: CA_Cert)>
view keypair unencrypted
b. save Private Key as a text file to use it later
3. Save SSL certificates that are installed on the source appliance used for Decryption or MGMT Console etc...(if any Certificate needed is in a Hidden status they will need to be re-created manually)
Note: This can only be done if Show keypair was selected when the keyring was created.
a In the Management Console, select Configuration > SSL > Keyrings.
b. Click Edit/View.
c. Copy the CSR(if applicable) and Certificate and paste it into a text editor. Make sure that there are no spaces or extra characters.
4. Log in to Management Center and create a script
b.Type a Name
c. Select Type: (Proxy SG or Advanced Gateway)
d. Click “Save”
e. In open editor type in script in this format:
keyring show <your keyring name>
<paste here Private Key followed by certificate>
See screenshot below as an example:
Once you have a script, select “Execute on Device” to push it out to selected Proxy.