This article shows snapshots on how to configure the ProxySG to import a certificate from a ICAP server to establish a Secure ICAP connection
1. From the Content Analysis Server/ICAP, create a certificate.
NOTE: Remember to match the Common Name(CN) of the certificate to the ICAP URL Hostname/IP address in the ProxySG ICAP settings. Example 10.10.10.10 which will be referred to later as icap://10.10.10.10/avscan
2. Download or save the certificate.
3. Open the certificate using a text pad editor and copy out the content, inclusive -----BEGIN CERTIFICATE----- until -------END CERTIFICATE-------
4. To import the certificate to the ProxySG, go to Configuration > SSL > CA Certificate. Click Import, give the certificate a name and paste the copied certificate from the text pad into the CA Certificate PEM window.
5. Add the created certificate into the CA Certificate List. Go to Configuration > SSL > CA Certificates, choose the second tab "CA Certificate Lists".
Click New, look for the created certificate and move it to the right side of the window by clicking "Add>>". Click OK and Apply.
6. After adding into the CA Certificate List, link it to the Device Profiles. Go to Configuration > SSL > Device Profiles and Click New
- Give a name to the Device Profile
- Leave the Keyring as None
- Choose the CA Certificate List created earlier for the CCL
- Click OK and Apply
7. Finally link the Device Profiles with the Secure ICAP settings. Go to Configuration > Content Analysis > ICAP > Click New/Edit the existing ICAP
- Disable the plain ICAP
- Enable Secure ICAP and choose the Device Profile created earlier.
- Click OK and Apply.