
(12.05.100-en) Cloud Gateway Certificates in the IGEL UMS

Here, you can manage the certificates for the communication between the IGEL Cloud Gateway (ICG) and the endpoint devices.


Menu path: UMS Administration > Global Configuration > Certificate Management > Cloud Gateway

For details of how to set up all components for a connection to the ICG, see IGEL Cloud Gateway > ICG Manual > IGEL Cloud Gateway Installation and Setup.

Use

  • IGEL Cloud Gateway > ICG Manual > Administration > How to Exchange the Root Certificate for ICG

  • IGEL Cloud Gateway > ICG Manual > Administration > Renewing a Signed Certificate for the ICG

Possible Actions


  • Create a root certificate.

  • Import a root CA certificate.

  • Create a signed certificate from the CA certificate (root or intermediate) that is currently selected.

  • Remove the selected certificate from the UMS. Only certificates that are not currently in use can be removed.

  • Export the selected end certificate and its complete certificate chain to a keystore in the IGEL Cloud Gateway keystore format.

  • Show the content of the selected certificate.

  • Navigate to an IGEL Cloud Gateway that is using the selected certificate.

Generate root certificate

Display name: Name in the root certificate (common name, CN).

Your organization: Organization, company, government agency.

Your locality (or random identifier): The location of the organization.

Your two-letter country code: ISO 3166 country code, e.g. DE for Germany.

Valid until: Local date on which the certificate expires. (Default: in 20 years)

Import root certificate

The file selection window opens, allowing you to select the certificate file.

Create a signed certificate

Display name: Name in the certificate (common name, CN).

Your first and last name: Name of the certificate holder.

Your organization: Organization, company, government agency.

Your locality (or random identifier): The location of the organization.

The name in a signed certificate must be different from the one in the root certificate with which it is signed. UMS provides a warning in this case: 

Invalid Certificate



Your two-letter country code: ISO 3166 country code, e.g. DE for Germany.

Host name and/or IP of certificate target server: Host name(s) and IP address(es) for which the certificate is valid. Multiple entries should be separated by a semicolon. To generate a wildcard certificate, use the asterisk, e.g. *.example.com.

Valid until: Local date on which the certificate expires. (Default: in a year)

Certificate type
Possible options:

  • CA Certificate: The certificate can be used to sign other certificates, but it cannot be used by the ICG.

  • End Entity: The certificate can be used by the ICG, but it cannot be used to sign other certificates.

Context menu (root certificate)

Create signed certificate: Collects certificate data and signs them with the selected root certificate.

Import signed certificate: Imports a certificate that was already signed outside the UMS by the imported CA.

Import decrypted private key: Imports a private key file.

If the private key is protected with a passphrase, you must decrypt it on the command line with OpenSSL before importing it: openssl rsa -in encrypted.key -out decrypted.key



Remove certificate: Deletes the certificate from the UMS.

Export certificate chain in the IGEL Cloud Gateway Keystore format: Produces a file for the ICG installation program.

Export certificate: Exports the certificate file.

Show certificate content: Shows the content of the certificate in a text window.
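
The checks below are an added example, not part of the IGEL documentation. Before you use Import signed certificate and Import decrypted private key, they confirm that the certificate verifies against the CA, decrypt the key with owner-only file permissions, and confirm that the key and the certificate belong together. The file names, function names and the passphrase environment variable are assumptions of this example.

```shell
#!/bin/sh
# Added example, not IGEL code. All file names are placeholders.

# True if signed.crt verifies against the CA certificate. A certificate issued
# by an intermediate CA would also need that intermediate passed via -untrusted.
signed_by_ca() {            # usage: signed_by_ca ca.crt signed.crt
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Decrypt the key as the page describes, with two additions (assumptions of
# this example): umask 077 so only the owner can read the cleartext key, and
# the passphrase taken from the environment variable named in $3.
decrypt_key() {             # usage: decrypt_key encrypted.key decrypted.key VAR
    ( umask 077 && openssl rsa -in "$1" -out "$2" -passin "env:$3" ) >/dev/null 2>&1
}

# True if the private key and the certificate carry the same public key.
key_matches_cert() {        # usage: key_matches_cert decrypted.key signed.crt
    kpub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    cpub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$kpub" ] && [ "$kpub" = "$cpub" ]
}

# Run all three checks; on success ./decrypted.key is ready for import.
preimport_check() {         # usage: preimport_check ca.crt signed.crt encrypted.key VAR
    signed_by_ca "$1" "$2" || { echo "not signed by this CA" >&2; return 2; }
    decrypt_key "$3" decrypted.key "$4" || {
        rm -f decrypted.key; echo "cannot decrypt key" >&2; return 3; }
    key_matches_cert decrypted.key "$2" || {
        rm -f decrypted.key; echo "key does not match certificate" >&2; return 4; }
}

if [ "$#" -eq 4 ]; then preimport_check "$@"; fi
```

Delete decrypted.key once the import into the UMS has succeeded, since it holds the private key in cleartext.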