Configuring Secure ICAP by importing certificate CAS/ICAP Server to ProxySG
Last Updated November 23, 2017
This article shows snapshots on how to configure the ProxySG to import a certificate from a ICAP server to establish a Secure ICAP connection
1. From the Content Analysis Server/ICAP, create a certificate.
NOTE: Remember to match the Common Name(CN) of the certificate to the ICAP URL Hostname/IP address in the ProxySG ICAP settings. Example 10.10.10.10 which will be referred to later as icap://10.10.10.10/avscan
2. Download or save the certificate.
3. Open the certificate using a text pad editor and copy out the content, inclusive -----BEGIN CERTIFICATE----- until -------END CERTIFICATE-------
4. To import the certificate to the ProxySG, go to Configuration > SSL > CA Certificate. Click Import, give the certificate a name and paste the copied certificate from the text pad into the CA Certificate PEM window.
5. Add the created certificate into the CA Certificate List. Go to Configuration > SSL > CA Certificates, choose the second tab "CA Certificate Lists".
Click New, look for the created certificate and move it to the right side of the window by clicking "Add>>". Click OK and Apply.
6. After adding into the CA Certificate List, link it to the Device Profiles. Go to Configuration > SSL > Device Profiles and Click New
- Give a name to the Device Profile
- Leave the Keyring as None
- Choose the CA Certificate List created earlier for the CCL
- Click OK and Apply
7. Finally link the Device Profiles with the Secure ICAP settings. Go to Configuration > Content Analysis > ICAP > Click New/Edit the existing ICAP
- Disable the plain ICAP
- Enable Secure ICAP and choose the Device Profile created earlier.
- Click OK and Apply.
Subscribing will provide email updates when this Article is updated. Login is required to Subscribe
Thanks for your feedback. Let us know if you have additional comments below. (requires login)
Subscribed to the Article.
Unable to subscribe
Thanks for your additional feedback !!!
Enterprise Support Virtual Agent
Rate Me :
Tell us more:
Welcome! My name is Sami, the Enterprise Support Virtual Agent answering technical support questions.