Transfer keyring from one Edge SWG (ProxySG) to another using Management Center

Article ID: 171786

Products

Management Center

Issue/Introduction

To transfer a keyring from one Edge SWG (ProxySG) to another, complete the following steps.

Resolution

 

1. Create Keyring

a. In the WebUI, go to Management Console > Configuration tab > SSL > Keyrings.

b. Click the Create button

c. Type a name in the Keyring Name field (ex: CA_Cert)

d. Click OK. (If you leave the default setting of "Do not Show Key Pair", you will not be able to copy this keyring to a new device should you need to in the future.)

 
2. Retrieve the private key from the ProxySG

a. Log in to the CLI and type the following commands:

enable
conf t
ssl
view keypair unencrypted
<your keyring-name  (ex: CA_Cert)>

b. Save the private key as a text file for later use.

 

3. Save the SSL certificates installed on the source appliance that are used for decryption, the management console, etc. (If the private key is hidden, a new keyring/private key will need to be created.) Note: This can only be done if Show keypair was selected when the keyring was created.

a. In the Management Console, select Configuration > SSL > Keyrings.

b. Click Edit/View.

c. Copy the CSR (if applicable) and Certificate and paste them into a text editor. Make sure that there are no spaces or extra characters.

 

4. Log in to Management Center and create a script


a. Go to Configuration > Scripts > Add Script.

b. Type a Name.

c. Select Type: (Proxy SG or Advanced Gateway)

d. Click “Save”.

e. In the open editor, type the script in this format:

inline keyring show <your keyring name> eof

<paste here Private Key followed by certificate>
eof

Save the script


5. Execute on Device

a. Once you have a script, select “Execute on Device” to push it out to the selected proxy.
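
The following is an added example, not part of the original article or any Broadcom tooling: a Python helper that checks the private key and certificate saved in steps 2 and 3 for stray spaces or extra characters and then assembles the script text in the layout shown in step 4e. The function names, the allowed keyring-name characters, and the sample PEM bodies (constructed placeholder bytes, not real key material) are assumptions made for illustration.

```python
import base64
import re

PEM_RE = re.compile(r"-----BEGIN ([A-Z ]+)-----\n(.*?)\n-----END \1-----", re.S)

def clean_pem(text, want_suffix):
    """Return the single PEM block in `text`, with copy/paste whitespace removed."""
    # Normalise line endings, trim each line, and drop blank lines.
    lines = [ln.strip() for ln in text.replace("\r\n", "\n").split("\n")]
    normalised = "\n".join(ln for ln in lines if ln)
    blocks = PEM_RE.findall(normalised)
    if len(blocks) != 1:
        raise ValueError(f"expected one PEM block, found {len(blocks)}")
    label, body = blocks[0]
    if not label.endswith(want_suffix):
        raise ValueError(f"expected a {want_suffix} block, got {label}")
    # Anything left once the block is removed is an "extra character".
    if PEM_RE.sub("", normalised).strip():
        raise ValueError("text found outside the PEM block")
    # validate=True rejects embedded spaces and any non-base64 characters.
    base64.b64decode(body.replace("\n", ""), validate=True)
    return f"-----BEGIN {label}-----\n{body}\n-----END {label}-----"

def build_keyring_script(name, key_text, cert_text, marker="eof"):
    """Assemble the Management Center script: private key followed by certificate."""
    # Assumption: the keyring name is a single token without whitespace.
    if not re.fullmatch(r"[A-Za-z0-9_.-]+", name):
        raise ValueError("keyring name must be a single token")
    key = clean_pem(key_text, "PRIVATE KEY")
    cert = clean_pem(cert_text, "CERTIFICATE")
    return f"inline keyring show {name} {marker}\n\n{key}\n{cert}\n{marker}\n"

# Constructed sample input: placeholder bytes, not a real key or certificate.
SAMPLE_BODY = base64.b64encode(b"constructed sample bytes, not a real key or certificate").decode()
SAMPLE_KEY = f"-----BEGIN RSA PRIVATE KEY-----\n{SAMPLE_BODY}\n-----END RSA PRIVATE KEY-----\n"
SAMPLE_CERT = f"  -----BEGIN CERTIFICATE-----\r\n{SAMPLE_BODY}  \r\n-----END CERTIFICATE-----\r\n\r\n"

if __name__ == "__main__":
    print(build_keyring_script("CA_Cert", SAMPLE_KEY, SAMPLE_CERT))
```

The generated script contains the unencrypted private key, so handle it and the intermediate text files as secret material.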