Tie and proxy certificate renewal.


Article ID: 223305


Updated On:


Web Isolation


While importing the newly created certificate it gives "Certificate does not allow "Key encipherments" usage" error.


Here customer needs to create new certificates using the fg_generate_csr command and if the customer try to import the server certificate under System Configuration it will  "Certificate does not allow "Key encipherments" usage" error as below:


Instead of importing the created certificate under server i.e. System Configuration → Trusted Certificates → New Trusted
Certificate we have to import the CA cert in Zones which in return will update all the management and gateway certificates. 

Please follow the below steps:

1. In the Management UI, go to:
System Configuration → Zones → <your zone> → Edit

2. Select one of the following options:
 Use a Custom CA Certificate - Select the System CA object to be associated with your Zone. If you have not yet created the System CA object, add it now, and then select it. 

-It is good practice to have a password-protected CA private key. In this case, you must supply the password to be able to import the key.

3. Click Update to save your changes and close the Update Zone window.

4. Push settings.