How to transfer keyring from one ProxySG to another using Management Center


Article ID: 171786


Updated On:


Management Center


To transfer the keyring from one ProxySG to another you need to complete the following steps.



  1. Create Keyring

b. In the WebUI Go to Management Console > Configuration Tab > SSL > Keyrings


c. Click the Create button

d. Type a name in the Keyring Name field (ex: CA_Cert)

e. Click OK (if you leave the default setting of "Do not Show Key Pair" you will not be able to copy this keyring to a new device if you should need to in the future)



2. Retrieve private key from proxy SG
a. login to the CLI and type the following commands:

conf t
view keypair unencrypted
<your keyring-name  (ex: CA_Cert)>

b. save Private Key as a text file to use it later

3. Save SSL certificates that are installed on the source appliance used for Decryption or MGMT Console etc...(if any Certificate needed is in a Hidden status they will need to be re-created manually)

Note: This can only be done if Show keypair was selected when the keyring was created.

a  In the Management Console, select Configuration > SSL > Keyrings.

b. Click Edit/View.

c. Copy the CSR(if applicable) and Certificate and paste it into a text editor. Make sure that there are no spaces or extra characters.




4. Log in to Management Center and create a script

a.>Configuration>Scripts>Add Script>

b.Type a Name

c. Select Type: (Proxy SG or Advanced Gateway)

d. Click “Save”

e. In open editor type in script in this format:



keyring show <your keyring name> eof

<paste here Private Key followed by certificate>

See screenshot below as an example:

Once you have a script, select “Execute on Device” to push it out to selected Proxy.