Upload certificates

Certificates must be uploaded to Access Gateway before they can be associated with applications.


These steps show how the command line console can upload a user supplied certificate.

User supplied certificates are normally issued and signed by a trusted Certificate Authority (CA), but they can also be a self-signed.

  1. Use SSH connect to the Access Gateway Management console.
    See Command Line Management Console reference for a complete list of command line console commands.
  2. Enter 2 to go to the Services sub-menu.

  3. Enter 1 to go to the NGINX sub-menu.

  4. Enter 6 to update an SSL certificate.
    All existing certificates will be displayed and will resemble:

    Available Certificates:
    [1] admin.crt
    [2] gateway_info.crt
    [3] localhost.crt
    . . . 
    [a] Add new certificate
    [x] Exit
    [#, a, x]: 

  5. Select a command to perform:

    1. x - Exit the add/modify certificates sub-menu.
    2. a - Add a new certificate.
    3. # - Modify an existing certificate.

Add a new certificate

You can add certificates using cut and paste operations.

Both the certificate and the key must be in Privacy Enhanced Mail (PEM) format.

Depending on your OS, the command sequence for copy and paste operations may be different.
This applies only to copy and paste operations and not completing the entry of certificate contents.

  1. In a text editor, open the new certificate file.
  2. Within the editor, select and copy the contents of the certificate file.
  3. Return to the command line console and paste the certificate file contents.
  4. Press Ctrl + d to save the certificate contents.

    The command line console will open a new editor for the certificates associated key contents.

  5. In a text editor, open the key file.
  6. Within the editor, select and copy the contents of the key
  7. Return to the command line console and paste the key file contents.
  8. When complete, press Ctrl + d to save the key contents.

The hostname and certificate type are pulled automatically for the certificate.

If an existing certificate is being updated, a prompt stating A certificate for this domain already exists, do you wish to replace it? [Y,N] appears. To proceed with the certificate update, press the y followed by Enter.

Modify an existing certificate

When modifying an existing certificate, you are presented with three options:

  • [d] - Delete certificate
  • [u] - Update certificate
  • [x] - Return without change.

To exit without change, enter x.

To update a certificate, enter u.
Follow the prompts to copy and paste the replacement certificates key and certificate file, both of which must be in PEM format.

To delete a certificate, enter d.
Follow the prompt to confirm the delete or cancel.

Next steps