ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

Import a CA Certificate using the CLI

book

Article ID: 173433

calendar_today

Updated On:

Products

ProxySG Software - SGOS

Issue/Introduction

You do not have access to the management console and would like to import a CA certificate using the CLI.

Resolution

  1. Log in to the CLI then enter the commands in the following steps.
  2. en
    • then enter the enable password
  3. conf t
  4. ssl
  5. inline ca-certificate nameforcert eof
    • nameforcert is a name for the certificate on the proxy
    • eof is any string that you will enter to tell the CLI that you have finished pasting the cert
  6. Copy the PEM format of the certificate to your clipboard and paste in the CLI
  7. Enter the eof string


At this point the ca certificate is added to the proxy, however, the SSL proxy validates certificates for the server connection through the browser-trusted CCL list by default. The cert will need to be added to this list. Continuing in CLI from the previous point:

  1. edit ccl browser-trusted
  2. add nameforcert


Below is a sample session to complement the instructions, where ACNLB is the nameforcert and endofcert is the eof:

User-added image

User-added image