How to install a SSL Certificate for SSL Offloaders

Step 1: Obtain Intermediate CA Certificate

  • Copy the Intermediate CA certificate from your Secure128 portal under “Order Details”.
  • Be sure there are 5 dashes to either side of the BEGIN CERTIFICATE and END CERTIFICATE and that no white spaces, extra line breaks or additional characters have been inadvertently added.
  • Save the file as CertChain.pem

Step 2: Obtain and Install your SSL Certificate

  • The SSL certificate will be sent by email. The certificate is included as an attachment (Cert.cer) and it is also imbedded in the body of the email. Copy the certificate.
  • The text file should look like this:

-----BEGIN CERTIFICATE----- [encoded data] -----END CERTIFICATE-----

  • Now that you have the proper certificates, load the certificates into certificate objects.
  • These separate certificate objects are then loaded into a certificate group. This example demonstrates how to load two certificates into individual certificate objects, create a certificate group, and enable the use of the group as a certificate chain.
  • Start the configuration manager
  • Attach the configuration manager and enter Configuration mode. (If an attach or configurationlevel password is assigned to the device, you are prompted to enter any passwords.)
    • inxcfg> attach myDevice
    • inxcfg> configure myDevice
    • (config[myDevice])>
  • Enter SSL Configuration mode and create an Intermediate certificate named CACert, entering into Certificate Configuration mode. Load the PEM-encoded file into the certificate object, and return to SSL Configuration mode.
    • (config[myDevice])> ssl
    • (config-ssl[myDevice])> cert myCert create
    • (config-ssl-cert[CACert])> pem CertChain.pem
    • (config-ssl-cert[CACert])> end
    • (config-ssl[myDevice])>
  • Enter Key Association Configuration mode, load the PEM-encoded CA certificate and private key files, and return to SSL Configuration mode.
    • (config-ssl[myDevice])> keyassoc localKeyAssoc create
    • (config-ssl-keyassoc[localKeyAssoc])> pem YourDomain.pem key.pem
    • (config-ssl-keyassoc[localKeyAssoc])> end
    • (config-ssl[myDevice])>
  • Enter Certificate Group Configuration mode, create the certificate group CACertGroup, load the certificate object CACert, and return to SSL Configuration mode.
    • (config-ssl[myDevice])> certgroup CACertGroup create
    • (config-ssl-certgroup[CACertGroup])> cert myCert
    • (config-ssl-certgroup[CACertGroup])> end
    • (config-ssl[myDevice])>
  • Enter Server Configuration mode, create the logical secure server server1, assign an IP address, SSL and clear text ports, a security policy myPol, the certificate group CACertGroup, key association localKeyAssoc, and exit to Top Level mode.
    • (config-ssl[myDevice])> server server1 create
    • (config-ssl-server[server1])> ip address netmask
    • (config-ssl-server[server1])> sslport 443
    • (config-ssl-server[server1])> remoteport 81
    • (config-ssl-server[server1])> secpolicy myPol
    • (config-ssl-server[server1])> certgroup chain CACertGroup
    • (config-ssl-server[server1])> keyassoc localKeyAssoc
    • (config-ssl-server[server1])> end
    • (config-ssl[myDevice])> end
    • (config[myDevice])> end
    • inxcfg>
  • Save the configuration to flash memory. If it is not saved, the configuration is lost during a power cycle or if the reload command is used.
    • inxcfg> write flash myDevice
    • inxcfg>

Verify your Certificate is installed correctly