Configuring Certificates

The Certificates section is located at the settings certificates level.

To import certificates, use the following command:

Admin@nodename# import settings certificates

Parameters:

Parameter

Description

name

Certificate name that will be listed.

description

Certificate description.

certificate-data

Certificate in PEM format.

certificate-chain

Certificate's chain in PEM format.

private-key

Private key in PEM format.

passphrase

Passphrase for the private key or PKCS12 container (optional value).

user

Local user to which the user certificate will be assigned.

ldap-user

LDAP connector user to which the user certificate will be assigned.

  • user: user name in domain\user format.

  • connector: select an LDAP server.

role

Certificate type:

  • web-cert-chain: web console certificate's chain.

  • ssl-intermediate: intermediate certificate in the certification authority chain that was used to issue a certificate for SSL inspection.

  • ssl-root: root certificate in the certification authority chain which was used to issue a certificate for SSL inspection.

  • user: user certificate that can be used to authenticate users when they access published resources using reverse proxy rules.

  • ssl-cert: class of SSL inspection certificate from a certification authority used to generate SSL certificates for Internet hosts for which HTTPS, SMTPS, and POP3S traffic is intercepted.

  • captive-portal: certificate used to create a secure HTTPS connection for users to the Captive portal authentication page, to display the block page, the Captive portal Logout page, and to operate an FTP proxy.

  • web-ssl: certificate used to create a secure HTTPS administrator connection to the UserGate web console.

  • saml: certificate the SAML client will use.

  • none.

To export certificates, the entire certificate's chain or CSR, use the following command:

Admin@nodename# export settings certificates <certificate-name> Admin@nodename# export settings certificates <certificate-name> with-chain on

To create a certificate and CSR, use the following command:

Admin@nodename# create settings certificates type <certificate | csr>

Provide the following parameters:

Parameter

Description

name

Certificate name.

description

Certificate description.

country

Country where the certificate is being issued.

state

Region/state where the certificate is being issued.

locality

Locality name where the certificate is being issued.

organization

Organization name for which the certificate is being issued.

common-name

Certificate name. To ensure compatibility with the majority of browsers, we recommend using only Latin characters.

email

Company email.

To manage a certificate, use the following command:

Admin@nodename# set settings certificates <certificate-name>

Available parameters:

Parameter

Description

name

Certificate name.

description

Certificate description.

role

Certificate type:

  • web-cert-chain: web console certificate's chain.

  • ssl-intermediate: intermediate certificate in the certification authority chain that was used to issue a certificate for SSL inspection.

  • ssl-root: root certificate in the certification authority chain which was used to issue a certificate for SSL inspection.

  • user: user certificate that can be used to authenticate users when they access published resources using reverse proxy rules.

  • ssl-cert: class of SSL inspection certificate from a certification authority used to generate SSL certificates for Internet hosts for which HTTPS, SMTPS, and POP3S traffic is intercepted.

  • captive-portal: certificate used to create a secure HTTPS connection for users to the Captive portal authentication page, to display the block page, the Captive portal Logout page, and to operate an FTP proxy.

  • web-ssl: certificate used to create a secure HTTPS administrator connection to the UserGate web console.

  • saml: certificate the SAML client will use.

  • none.

user

Local user to which the user certificate will be assigned.

ldap-user

LDAP connector user to which the user certificate will be assigned.

  • user: user name in domain\user format.

  • connector: select an LDAP server.

certificate-data

Certificate in PEM format.

certificate-chain

Certificate's chain in PEM format.

To delete a certificate, use the following command:

Admin@nodename# delete settings certificates <certificate-name>

To view information about all or individual certificates, use the following command:

Admin@nodename# show settings certificates Admin@nodename# show settings certificates <certificate-name>

To delete a certificate from the cache, use the following command:

Admin@nodename# delete settings certificates-cache <common-name>