Migrating the SSL intercept certificate to a new gateway
If you are upgrading or installing a new USS Gateway and you wish to use the same SSL intercept certificate from another USS Gateway, you can follow these steps to export it from the existing gateway and import it into the new one.
- Log in to the local UI on the existing USS Gateway
Navigate to System then open the SSL Certificates drop-down menu and click Export CA.
The browser will attempt to download
ussgw-cafile.pem. Place this some where safe.
- Log in to the local UI on the new USS Gateway
Navigate to System then open the SSL Certificates drop-down menu and click Import CA.
Browse to the location where you stored
ussgw-cafile.pem in the previous step. Select the file.
You should now be able to browse HTTPS sites through the new proxy without needing to reinstall the SSL certificate on the client device.
You can verify that HTTPS sites are being intercepted correctly by clicking on the secure padlock icon in the browser, e.g.
You can also open the certificate and view the fingerprint to confirm this is the same as the certificate used for the original gateway server.