Upload certificates

This topic describes how to upload a self-signed certificate, or a certificate from a Certificate Authority, to Access Gateway.

You must upload certificates to Access Gateway before you can associate them with applications.

If you upload a self-signed certificate, the default virtual hostname is associated with it.

The certificate must be in Privacy Enhanced Mail (PEM) format.

Remove the passphrase from the certificate before you add it to Access Gateway.

You can also use the Access Gateway Admin UI console to select a certificate. See Associate a default host certificate using the Access Gateway Admin UI console.

Upload an SSL certificate

Use a Secure Shell (SSH) connection to connect to the Access Gateway Management console. See Command Line Management Console reference.
Press 2 to go to the Services submenu.
Press 1 to go to the NGINX submenu.
Press 6 to update a Secure Sockets Layer (SSL) certificate. The list of certificates appears.
Select one of the following commands:
- x: Exit the Add/modify certificates submenu.
- a: Add a certificate. See Add a certificate for instructions.
- #: Modify a certificate. See Modify a certificate for instructions.

You can add certificates using cut and paste operations. Both the certificate and the key must be in Privacy Enhanced Mail (PEM) format.

Depending on your operating system, the command sequence for copying and pasting certificate contents may be different than what appears here.

In a text editor, open the new certificate file.
Select and copy the contents of the certificate file.
Return to the command-line console and paste the certificate file contents. If you want to include the intermediate and root certificates, you must provide them in the following order: issued certificate, intermediate, and then the root. This example shows how to format the command to include all three certificates: -----BEGIN CERTIFICATE----- Issued Certificate -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- Intermediate Certificate -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- Root Certificate -----END CERTIFICATE-----
Press Ctrl + d to save the certificate contents. The command-line console opens a new editor for the certificates' associated key contents.
In a text editor, open the key file.
Select and copy the contents of the key.
Return to the command-line console and paste the key file contents.
Press Ctrl + d to save the key contents. The hostname and certificate type are pulled automatically for the certificate.
If you're updating a certificate, a prompt asks if you want to replace the current certificate. To update the certificate, press y and then Enter.

Select one of the following commands:

d: Delete a certificate.
u: Update a certificate. Follow the prompts to copy and paste the replacement certificate's key and certificate file, both of which must be in PEM format.
x: Exit this menu without making changes.