Migrating the SSL intercept certificate to a new gateway

If you are upgrading or installing a new USS Gateway and you wish to use the same SSL intercept certificate from another USS Gateway, you can follow these steps to export it from the existing gateway and import it into the new one.

  1. Log in to the local UI on the existing USS Gateway

Navigate to System then open the SSL Certificates drop-down menu and click Export CA.

The browser will attempt to download ussgw-cafile.pem. Place this some where safe.

  1. Log in to the local UI on the new USS Gateway

Navigate to System then open the SSL Certificates drop-down menu and click Import CA.

Browse to the location where you stored ussgw-cafile.pem in the previous step. Select the file.

Click Upload.

It can take a few seconds to upload the file.

You should now be able to browse HTTPS sites through the new proxy without needing to reinstall the SSL certificate on the client device.

You can verify that HTTPS sites are being intercepted correctly by clicking on the secure padlock icon in the browser, e.g.

You can also open the certificate and view the fingerprint to confirm this is the same as the certificate used for the original gateway server.


How did we do?