cancel
Showing results for 
Search instead for 
Did you mean: 
jont717
Level 12

User Interface Certificate Web Gateway 7.1

Jump to solution

How do I import a new certificate for the User Interface of the Web Gateway.  I want to use our own CA which is our in house Microsoft CA server.

When I go to import a certificate in the Web Gateway, it looks like it is looking for 3 certificates.  Some of them have to be .pem files?

What do I need to generate from my CA server to use on the Web Gateway? 

Thanks!

0 Kudos
1 Solution

Accepted Solutions
eelsasser
Level 15

Re: User Interface Certificate Web Gateway 7.1

Jump to solution

Logon to the SSH prompt of MWG.

# openssl req -out MWG.csr -new -newkey rsa:2048 -nodes -keyout MWG.key

Fill in the blanks it asks for and enter a password. remember the password for future use.

Copy the MWG.csr and MWG.key files it generates to your PC.

Give the .MWG.csr to the CA to sign.

Take the certificate it signed, the MWG.key, and the CA certificate and the password you created and enter them into the GUI section of the configuration.

The names don't matter. they could be .pem, .crt, .cer or other name. As long as you can open them in notepad and they look like base64 encoded text, they should be fine.

0 Kudos
15 Replies
eelsasser
Level 15

Re: User Interface Certificate Web Gateway 7.1

Jump to solution

For the MWG User Interface, you need the certificate, private key and certificate chain (the CA's root certificate)

You can create a CSR from any computer with OpenSSL and submit it to the CA for signing.

Here's the command i use from a cheat sheet stuffed away for ocassional use:

•Generate a new private key and Certificate Signing Request

$ openssl req -out MWG.csr -new -newkey rsa:2048 -nodes -keyout MWG.key

Give the MWG.csr to the CA and have them sign it. Keep the MWG.key to be used again when you import it.

Message was edited by: eelsasser
typo on 11/22/11 5:20:51 PM EST
0 Kudos
jont717
Level 12

Re: User Interface Certificate Web Gateway 7.1

Jump to solution

Thank you for your answer.  I am new to certificates and never used OpenSSL.

Is there step by step instructions I can follow?

I know how to submit for signing in our CA server, but where do I get the private key file?  Do they have to be .PEM format?  Our CA certifiacate is .cer

Thanks for your time.

0 Kudos
eelsasser
Level 15

Re: User Interface Certificate Web Gateway 7.1

Jump to solution

Logon to the SSH prompt of MWG.

# openssl req -out MWG.csr -new -newkey rsa:2048 -nodes -keyout MWG.key

Fill in the blanks it asks for and enter a password. remember the password for future use.

Copy the MWG.csr and MWG.key files it generates to your PC.

Give the .MWG.csr to the CA to sign.

Take the certificate it signed, the MWG.key, and the CA certificate and the password you created and enter them into the GUI section of the configuration.

The names don't matter. they could be .pem, .crt, .cer or other name. As long as you can open them in notepad and they look like base64 encoded text, they should be fine.

0 Kudos
jont717
Level 12

Re: User Interface Certificate Web Gateway 7.1

Jump to solution

Okay, I will let you know how it goes. 

This is not going to break anything with our SSL Scanner and the certificates all our users have in IE for that, correct?

0 Kudos
eelsasser
Level 15

Re: User Interface Certificate Web Gateway 7.1

Jump to solution

This is just for the GUI, so your browser doesn't get cert warnings when you logon to administer it. It doesn't do anything to SSL scanning for proxy traffic.

0 Kudos
jont717
Level 12

Re: User Interface Certificate Web Gateway 7.1

Jump to solution

Correct, that's what I thought.  Just making sure as these are production systems. 

0 Kudos
jont717
Level 12

Re: User Interface Certificate Web Gateway 7.1

Jump to solution

Can I do this same thing for our ePo server?  We cannot SSH into our ePo server, so I was hoping to use the openssl command on the SSH prompt of the MWG.....will that work?

0 Kudos
eelsasser
Level 15

Re: User Interface Certificate Web Gateway 7.1

Jump to solution

Yes, it should. I have done it myself on ePO.

0 Kudos
jont717
Level 12

Re: User Interface Certificate Web Gateway 7.1

Jump to solution

When I apply the certificate and go to Save Changes it wants to stop the user interface service and restart it.  Will this affect users?

0 Kudos