Importing your Root CA

Support

Go to the table of contents

Go to the previous page

Go to the next page

Go to the index

View or print as PDF

Working With Encrypted Data > Internal Root CA > Importing your Root CA

Importing your Root CA

Help | Content Gateway | Version 7.7.3

If your organization already has a root certificate authority, you can import it. This certificate must be trusted by all browsers in your organization. Be sure to back up any new internal Root CAs that you import. See Backing up your internal Root CA for details.

1.	Navigate to Configure > SSL > Internal Root CA > Import Root CA.

2.	Browse to select the certificate. The certificate must be in X.509 format and base64-encoded.

3.	Browse to select the private key. It must correspond to the certificate you selected in Step 2.

Note

The certificate and private key format must match.

Additionally, the private key format must match the format required by the importing node.

When FIPS is enabled, Content Gateway requires an encrypted private key for importing a CA.

When FIPS is disabled, Content Gateway requires an RSA private key for importing a CA.

To verify the certificate and private key format, view the files in a text based editor. The Internal Root CA (PCAcert.pem) and private key (PCAkey.pem) are stored by default in /opt/WCG/sxsuite/conf/CA_default/PCA. If the certificate and private key you are importing are saved to a different location, navigate to that location to view the files.

For information on converting the private key format, see:

Importing a CA between a non-FIPS & FIPS enabled node

Converting an encrypted private key to an RSA key

4.	Enter, and then confirm, the passphrase.

5.	Click Import Root CA. The imported CA is stored in /opt/WCG/sxsuite/conf/CA_default/PCA.

Go to the table of contents

Go to the previous page

Go to the next page

Go to the index

View or print as PDF

Working With Encrypted Data > Internal Root CA > Importing your Root CA