question – my cloud gateway cert is expiring on Monday and I was following the knowledge base on “Updating Expired ICG Keystores” and on step 3 right-click the root certificate choose Create signed certificate but that is greyed out. thanks
I can’t open your picture… Just in case, we speak about a public CA, right? The steps described in the DOC are meant for UMS as CA. In your case, I would suspect that you need to create the Certificate on CA side with the corresponding ICG public servername, but only assuming here.
yes, that is correct it is public CA . So after I get that created and sent in to Digicert and they send back new cert. Just import back into UMS and would I need to export certificate chain to Cloud gateway keystone format?
Which UMS / ICG versions are you using?
UMS – 6.06.110 / ICG 2.02.110
perfect! Yes, that would be the case. Just don‘t forget DON‘t replace the Root CA, that would get difficult then.
kb.igel.com/igelicg-2.02/en/certificate-management-31601159.html kb.igel.com/igelicg-2.02/en/certificate-management-31601159.html
I made the CRT on the cloud gateway server and send that to digiCertCA and got a new CRT and tried to import it into USM but it says it does not match. Do I need to remove the cert that is expiring first and leave the other two alone ROOT.cer and INTER.cer? Also, should I have created the CRT in USM? If I don’t get this fix before the cert expires on Monday at 6 AM would everything still work on the IGEL Clients other than talking with Cloud Gateway until the cert is fix? Thanks for the help
Did you went through the steps described on Page 99:
files.igelcommunity.com/igel/IGEL-Step-by-Step-Getting-Started-Guide-2.2.pdf files.igelcommunity.com/igel/IGEL-Step-by-Step-Getting-Started-Guide-2.2.pdf
?
Creating an UMS CA/Certificate/Keystore is needed if you can‘t use a public certificate and goes the self signed route. An expired certificate isn‘t that bad, an expired CA is a bit trickier.
Thanks again, I got everything up and working.
Did it worked like expected or did you had some pain points?
I followed the following files.igelcommunity.com/igel/How-to-Use-a-DigiCertificate-SSL-Certificate-with-ICG.pdf but now looking at it forgot to update keystone to cloud gateway and it is giving me a warning that devices that are connected to cloud gateway (226) will be affected devices that won’t get the new cert update 😞 Any ideas on this? I have not continue yet from this point.
I found that 47 Devices are registered via IGEL Cloud Gateway AND do not support the Feature ICG_CERT_EXCHANGE
Which firmware are they on?
11.04.130.01
Any chance to update them first to 11.05.100? or at least 11.04.270?
Continue reading and comment on the thread ‘Trying to upgrade ICG certificate but it is greyed out?’. Not a member? Join Here!
Learn more, search the IGEL Knowledge Base
Ask a question or comment on the above message thread?
Join or log in to the IGEL Community to ask us anything and meet other IGEL customers, partners, and EUC enthusiasts.Submit a question, or Join Today!