This article shows snapshots on how to configure the ProxySG to import a certificate from a ICAP server to establish a Secure ICAP connection

1. From the Content Analysis Server/ICAP, create a certificate. 

NOTE: Remember to match the Common Name(CN) of the certificate to the ICAP URL Hostname/IP address in the ProxySG ICAP settings. Example 10.10.10.10 which will be referred to later as icap://10.10.10.10/avscan

2. Download or save the certificate.

3. Open the certificate using a text pad editor and copy out the content, inclusive -----BEGIN CERTIFICATE----- until -------END CERTIFICATE-------

4. To import the certificate to the ProxySG, go to Configuration > SSL > CA Certificate. Click Import, give the certificate a name and paste the copied certificate from the text pad into the CA Certificate PEM window.

5. Add the created certificate into the CA Certificate List. Go to Configuration > SSL > CA Certificates, choose the second tab "CA Certificate Lists". 

Click New, look for the created certificate and move it to the right side of the window by clicking "Add>>". Click OK and Apply.

6. After adding into the CA Certificate List, link it to the Device Profiles. Go to Configuration > SSL > Device Profiles and Click New

- Give a name to the Device Profile

- Leave the Keyring as None

- Choose the CA Certificate List created earlier for the CCL

- Click OK and Apply

7. Finally link the Device Profiles with the Secure ICAP settings. Go to Configuration > Content Analysis > ICAP > Click New/Edit the existing ICAP

- Disable the plain ICAP

- Enable Secure ICAP and choose the Device Profile created earlier.

- Click OK and Apply.