Importing a certificate generated by other devices for intercepting reverse proxy
You want to configure a reverse proxy deployment using a certificated generated on a backend server and submitted to the CA for signing. You must import the certificate onto the ProxySG.
1. Make sure you have the following ready:
> Private key of the certificate. This should be in the PEM format (when you open this in a notepad, it should begin with "BEGIN RSA PRIVATE KEY" and end with "END RSA PRIVATE KEY").
> The certificate. This should be in the PEM format (when you open this in a notepad, it should begin with "BEGIN CERTIFICATE" and end with "END CERTIFICATE").
> SSL license on the SG.
2. Create a new keyring, making sure to select the 'Import keyring' option as described in the following steps:
Go to Configuration > SSL > Keyrings > Click on the "Create" button.
Enter a name for the keyring.
Select the following options:
- Show keypair
- Import keyring
Copy the private key into the "Keyring" text box.
Select the "Keyring password" option box and enter the private key password (if any).
3. Import the certificate into the new keyring:
Highlight the new keyring that you created in Step 2 above.
Click the "Edit" button.
Under the "Certificate" section, click the "Import" button.
Copy the certificate into the "Import certificate" text box.
4. Choose the keyring that you created above under the 'HTTPS Reverse Proxy' for the backend server.
Go to Configuration > Services > Proxy Services > Edit the service (with the assumption that the 'HTTPS Reverse Proxy' service already been created).
Under the 'Proxy settings' section > Keyring > Choose the keyring that you created on the steps above.
Rate this Page
Please take a moment to complete this form to help us better serve you.