How to transfer keyring from one ProxySG to another using Management Center


Article ID: 171786


Updated On:

Products

Management Center

Issue/Introduction

To transfer a keyring from one ProxySG to another, complete the following steps.

Resolution

 

1. Create Keyring

b. In the WebUI, go to Management Console > Configuration tab > SSL > Keyrings.

c. Click the Create button.

d. Type a name in the Keyring Name field (ex: CA_Cert).

e. Click OK. (If you leave the default setting of "Do not Show Key Pair", you will not be able to copy this keyring to a new device if you need to in the future.)

 

 

 
 
2. Retrieve private key from ProxySG
a. Log in to the CLI and type the following commands:

enable
conf t
ssl
view keypair unencrypted <your keyring-name (ex: CA_Cert)>

b. Save the private key as a text file to use later.

 
3. Save the SSL certificates installed on the source appliance that are used for decryption, the Management Console, etc. (If a needed certificate is in Hidden status, it will need to be re-created manually.)


Note: This can only be done if Show keypair was selected when the keyring was created.


a. In the Management Console, select Configuration > SSL > Keyrings.

b. Click Edit/View.

c. Copy the CSR (if applicable) and Certificate and paste them into a text editor. Make sure that there are no spaces or extra characters.

 

 

 
 

4. Log in to Management Center and create a script


a. Go to Configuration > Scripts > Add Script.

b. Type a name.

c. Select Type: (Proxy SG or Advanced Gateway)

d. Click “Save”.

e. In the open editor, type the script in this format:

 

 

keyring show <your keyring name> eof

<paste here Private Key followed by certificate>
eof

 
See screenshot below as an example:

 
Once you have a script, select “Execute on Device” to push it out to the selected proxy.
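The requirements in steps 3c and 4e (no spaces or extra characters, private key followed by certificate) can be checked before the script is pasted into Management Center. The Python below is an added example, not part of the original article or of any vendor tooling: it validates the saved key and certificate text and assembles the script body in the format shown in step 4e. The function names, the accepted key labels and the single-token keyring name check are assumptions, and the sample PEM blocks are constructed filler, not real key material.

```python
import base64
import re

# PEM framing: BEGIN/END labels must match and sit alone on their lines.
PEM_RE = re.compile(r"-----BEGIN ([A-Z ]+)-----\n(.*?)\n-----END \1-----", re.S)
KEY_LABELS = {"RSA PRIVATE KEY", "PRIVATE KEY"}  # unencrypted key block labels


def pem_blocks(text):
    """Return [(label, pem_text)]; raise ValueError on spaces or extra characters."""
    text = text.replace("\r\n", "\n")
    blocks, pos = [], 0
    for m in PEM_RE.finditer(text):
        if text[pos:m.start()].strip("\n"):
            raise ValueError("extra characters outside a PEM block")
        # Strict decode: a space, tab or stray character in the body raises
        # binascii.Error, which is a ValueError subclass.
        base64.b64decode(m.group(2).replace("\n", ""), validate=True)
        blocks.append((m.group(1), m.group(0)))
        pos = m.end()
    if text[pos:].strip("\n"):
        raise ValueError("extra characters outside a PEM block")
    return blocks


def build_script(keyring, key_text, cert_text):
    """Assemble the script body: private key first, then certificate."""
    if not keyring or any(c.isspace() for c in keyring):
        raise ValueError("keyring name must be a single token (assumption)")
    keys, certs = pem_blocks(key_text), pem_blocks(cert_text)
    if len(keys) != 1 or keys[0][0] not in KEY_LABELS:
        raise ValueError("expected exactly one unencrypted private key")
    if len(certs) != 1 or certs[0][0] != "CERTIFICATE":
        raise ValueError("expected exactly one certificate")
    lines = [f"keyring show {keyring} eof", keys[0][1], certs[0][1], "eof"]
    return "\n".join(lines) + "\n"


def constructed_pem(label, fill):
    """Constructed filler bytes in PEM framing; not real key material."""
    body = base64.encodebytes(bytes([fill]) * 96).decode().strip()
    return f"-----BEGIN {label}-----\n{body}\n-----END {label}-----\n"


if __name__ == "__main__":
    key = constructed_pem("RSA PRIVATE KEY", 0x11)
    cert = constructed_pem("CERTIFICATE", 0x22)
    print(build_script("CA_Cert", key, cert))
```

The assembled script contains the unencrypted private key, so keep it and the saved key file readable only by the administrator performing the transfer and delete both once the keyring is confirmed on the target appliance.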