This submenu is called up from SSL and/or CA.
At this point, you can import an already existing certificate.
Section Upload EXISTING CERTIFICATE
If a suitable certificate/key pair already exists, it can be uploaded in different ways - depending on the certificate format (PEM or PKCS#12).
| Parameters | Description |
|---|---|
| | The internet browser button "Select file" is used to select the PKCS#12 file (with the extension .p12 or .pfx). |
| | Since a PKCS#12 file contains the private key, this file is password-protected. The password must be entered in this input field before importing the PKCS#12 file selected above. |
| | The internet browser button "Select file" is used to select the PEM file (with the extension .pem). |
| | In this field, the private key (optional), the public key and, if applicable, the intermediate certificates are inserted as text. If a private key is also imported, make sure that it is not password-protected (see warning under PEM file). The entry should therefore look similar to this:<br>-----BEGIN PRIVATE KEY-----<br># Private key<br>-----END PRIVATE KEY-----<br>-----BEGIN CERTIFICATE-----<br># Public key<br>-----END CERTIFICATE-----<br>-----BEGIN CERTIFICATE-----<br># A possibly required intermediate certificate<br>-----END CERTIFICATE-----<br>-----BEGIN CERTIFICATE-----<br># Possibly additional intermediate certificates required<br>-----END CERTIFICATE----- |
| | No matter which method is used to import the key pair, make sure at all times that the upload includes all intermediate certificates necessary for a complete certificate chain. An incomplete certificate chain always leads to problems during the certificate check if the chain is not already known to the remote peer. Not every PKCS#12 or PEM file contains the complete certificate chain. In this case, the required intermediate certificates may have to be obtained elsewhere and embedded in the certificate to be imported. The root certificate of the root certification authority must not be added, since the remote peer must trust it anyway! If the chain is incomplete, internet tools for SSL certificates, such as CheckTLS, show that the certificate chain is not complete and thus report an unknown certificate. If the root certificate of the root certification authority was added by mistake, some checking tools report errors such as "Chain issues - Contains anchor". |
The Import button uploads the certificate to the appliance.