Document toolboxDocument toolbox

Cloud Gateway Certificates in the IGEL UMS

Here, you can manage the certificates for the communication between the IGEL Cloud Gateway (ICG) and the endpoint devices.


Menu path: UMS Administration > Global Configuration > Certificate Management > Cloud Gateway

For details of how to set up all components for a connection to the ICG, see IGEL Cloud Gateway > ICG Manual > IGEL Cloud Gateway Installation and Setup.

Use

  • IGEL Cloud Gateway > ICG Manual > Administration > How to Exchange the Root Certificate for ICG

  • IGEL Cloud Gateway > ICG Manual > Administration > Renewing a Signed Certificate for the ICG

Possible Actions


image-20240617-135818.png - Create a root certificate.

image-20240617-135835.png - Import a root CA certificate.

image-20240617-135852.png - Create a signed certificate from the CA certificate (root or intermediate) that is currently selected.

image-20240617-135906.png - Remove the selected certificate from the UMS. Only certificates that are not currently in use can be removed.

image-20240617-135933.png - Export the selected end certificate and its complete certificate chain to a keystore in the IGEL Cloud Gateway keystore format.

image-20240617-135940.png - Show the content of the selected certificate. 

image-20240617-135945.png - Navigate to an IGEL Cloud Gateway that is using the selected certificate.

Generate root certificate

Display name: Name in the root certificate (common name, CN).

Your organization: Organization, company, government agency.

Your locality (or random identifier): The location of the organization.

Your two-letter country code: ISO 3166 country code, e.g. DE for Germany.

Valid until: Local date on which the certificate expires. (Default: in 20 years)

Import root certificate

The file selection window opens, allowing you to select the certificate file.

Create a signed certificate

Display name: Name in the certificate (common name, CN).

Your first and last name: Name of the certificate holder.

Your organization: Organization, company, government agency.

Your locality (or random identifier): The location of the organization.

The name in a signed certificate must be different from the one in the root certificate with which it is signed. UMS provides a warning in this case: 

Invalid Certificate



Your two-letter country code: ISO 3166 country code, e.g. DE for Germany.

Host name and/or IP of certificate target server: Host name(s) and IP address(es) for which the certificate is valid. Multiple entries should be separated by a semicolon. To generate a wildcard certificate, use the asterisk, e.g. *.example.com.

Valid until: Local date on which the certificate expires. (Default: in a year)

Certificate type
Possible options:

  • CA Certificate: The certificate can be used to sign other certificates, but it cannot be used by the ICG.

  • End Entity: The certificate can be used by the ICG, but it cannot be used to sign other certificates.

Context menu (root certificate)

Create signed certificate: Collects certificate data and signs them with the selected root certificate.

Import signed certificate: Imports a certificate that was already signed outside the UMS by the imported CA.

Import decrypted private key: Imports a private key file.

If the private key is protected with a passphrase, you must decrypt it on the command line with OpenSSL before importing it: openssl rsa -in encrypted.key -out decrypted.key



Remove certificate: Deletes the certificate from the UMS.

Export certificate chain in the IGEL Cloud Gateway Keystore format: Produces a file for ICG installation program.

Export certificate: Exports certificate file.

Show certificate content: Shows the content of the certificate in a text window.