The settings for "SHA256" and the key size are for the certificate that the MWG actually creates. See screenshots below.
When you generate a certificate in the UI, you're just creating a self-signed certificate.
If you want to create a self-signed certificate with a 2048 key, using sha256, you can do this from the CLI using the following command. The cert will be valid for 10 years (3650 days):
openssl req -nodes -sha256 -x509 -newkey rsa:2048 -keyout mwg.key.pem -out mwg.crt.pem -days 3650
openssl rsa -in mwg.key.pem -out mwg.key.pem
You will need to import mwg.crt.pem and mwg.key.pem into your GUI. You can then distribute mwg.crt.pem as the CA.
Thanks for the details. Could you please confirm if we can import this generated certificate across multiple WebGateway's ?
Thanks & Regards
This is a policy setting, so yes it automatically does it.