Hi All, We preparing to install ICG and have a question about Cert for ICG. We planned to go with Creating certificates from an Existing Root Certificate. It involves using Root CA private key from CA certificate to create a signed client certificate. Can the Root CA private key be removed from the UMS after the signed client certificate is created? There may be some concerns having the Root CA private key left on a DMZ server, if it can’t be deleted.

I don’t fully have an answer for you as that is a bit outside my wheelhouse. However, I do have a question. Are you saying your UMS server is in the DMZ?
UMS is in LAN and ICG is in DMZ. ICG will be installed via Remote installer.
You generate a privaze key for your ICG server and create da Signing Request (CSR) from it. With the CSR you can create the certificate on your CA server. Than you import the generated private key and the new certificate into your UMS – you alos need to import the certificates of your CA and (if used) intermediate CA – no need to import a private key from a CA. It is the same as if you use a public CA – you only get their certificate chain and no private key from them.
Then, you don’t have to worry, the ROOT CA and the according key will never leave your LAN, both stays in your UMS. They are needed there for issuing and verifying.
Continue reading and comment on the thread ‘Can the Root CA private key be removed from the IGEL UMS after the signed client certificate is created?’. Not a member? Join Here!
Learn more, search the IGEL Knowledge Base
Ask a question or comment on the above message thread?
Join or log in to the IGEL Community to ask us anything and meet other IGEL customers, partners, and EUC enthusiasts.Submit a question, or Join Today!
Popular Message Threads
- Error “AM_ERROR_AUTH_NETWORK_ERROR [65275]” adding store in Citrix Workspace App version 20.x on IGEL OS 11.04
- How to Install IGEL OS via a Bootable USB Drive
- Error connecting to Citrix StoreFront “Error adding store: Http error[302]”
- Receiving error: “Citrix Receiver cannot create a secure connection in this browser” when launching a secure connection from Firefox on IGEL OS
- How to change the default IGEL UMS admin password?
- Where to delete the certificates that cause ‘invalid certificate’ when trying to import an IGEL into UMS?
- What distro of Linux the IGEL kernel is based on?