To transfer the keyring from one Edge SWG (ProxySG) to another you need to complete the following steps.
1. Create Keyring
a. In the WebUI Go to Management Console > Configuration Tab > SSL > Keyrings
b. Click the Create button
c. Type a name in the Keyring Name field (ex: CA_Cert)
d. Click OK (if you leave the default setting of "Do not Show Key Pair" you will not be able to copy this keyring to a new device if you should need to in the future)
2. Retrieve private key from proxy SG
a. login to the CLI and type the following commands:
enable
<your keyring-name (ex: CA_Cert)>
conf t
ssl
view keypair unencrypted
b. save Private Key as a text file to use it later
3. Save SSL certificates that are installed on the source appliance used for decryption or management console, etc. (if private key is Hidden, a new keyring/private key will need to be created) Note: This can only be done if Show keypair was selected when the keyring was created.
a In the Management Console, select Configuration > SSL > Keyrings.
b. Click Edit/View.
c. Copy the CSR(if applicable) and Certificate and paste it into a text editor. Make sure that there are no spaces or extra characters.
4. Log in to Management Center and create a script
a. Configuration>Scripts>Add Script>
b.Type a Name
c. Select Type: (Proxy SG or Advanced Gateway)
d. Click “Save”
e. In open editor type in script in this format:
inline keyring show
<your keyring name> eof
<paste here Private Key followed by certificate>
eof
Save the script
See screenshot below as an example:
5. Execute on Device
a. Once you have a script, select “Execute on Device” to push it out to selected Proxy.