Upload certificates

Upload a self-signed certificate, or a certificate from a Certificate Authority, to Access Gateway.

You must upload certificates to Access Gateway before you can associate them with applications.

If you upload a self-signed certificate, the default virtual hostname is associated with it.

You can also use the Access Gateway Admin UI console to select a certificate. See Associate a default host certificate using the Access Gateway Admin UI console.

Upload an SSL certificate

  1. Use Secure Shell (SSH) to connect to the Access Gateway Management console. See Command Line Management Console reference.
  2. Enter 2 to go to the Services submenu.
  3. Enter 1 to go to the NGINX submenu.
  4. Enter 6 to update an SSL certificate. Existing certificates are displayed similar to the following: Available Certificates: ----------------------- [1] admin.crt [2] gateway_info.crt [3] localhost.crt . . . [a] Add new certificate [x] Exit [#, a, x]:
  5. Select a command to perform:
    1. x - Exit the add/modify certificates submenu.
    2. a - Add a certificate.
    3. # - Modify an existing certificate.

Add a certificate

You can add certificates using cut and paste operations.

Both the certificate and the key must be in Privacy Enhanced Mail (PEM) format.

Depending on your OS, the command sequence for copy and paste operations may be different.

This applies only to copy and paste operations and not completing the entry of certificate contents.

  1. In a text editor, open the new certificate file.
  2. Within the editor, select and copy the contents of the certificate file.
  3. Return to the command-line console and paste the certificate file contents. If you want to include the intermediate and root certificates, you must provide them in the following order: issued certificate, intermediate, and finally the root. The following example demonstrates the format to use to include all three certificates: -----BEGIN CERTIFICATE----- Issued Certificate -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- Intermediate Certificate -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- Root Certificate -----END CERTIFICATE-----
  4. Press Ctrl + d to save the certificate contents.

    The command-line console opens a new editor for the certificates' associated key contents.

  5. In a text editor, open the key file.
  6. In the editor, select and copy the contents of the key.
  7. Return to the command-line console and paste the key file contents.
  8. When complete, press Ctrl + d to save the key contents.

The hostname and certificate type are pulled automatically for the certificate.

If you're updating an certificate, a prompt asks if you want to replace the current certificate. To proceed with the certificate update, press the y followed by Enter.

Modify an existing certificate

When modifying an existing certificate, you're presented with three options:

  • [d] - Delete certificate
  • [u] - Update certificate
  • [x] - Return without change.

To exit without change, enter x.

To update a certificate, enter u. Follow the prompts to copy and paste the replacement certificate's key and certificate file, both of which must be in PEM format.

To delete a certificate, enter d. Follow the prompts to complete the deletion.

Next steps

Associate certificates

Associate a default host certificate using the Access Gateway Admin UI console