ProxySG & Advanced Secure Gateway

  • 1.  Renew expired certificate ASG

    Posted Sep 06, 2020 02:12 AM
    Hi All,

    Kindly, I need to know how we can renew the Keyring or certificate for ASG, and from where we can issue the certificate, in detail.
    Appreciate your support.
    Thanks


  • 2.  RE: Renew expired certificate ASG
    Best Answer

    Broadcom Employee
    Posted Sep 08, 2020 11:08 AM
    Hi ITA,

    Are you using a self-signed certificate like the default certificate? You can't renew the certificate, but what you do is create a new certificate, and edit the policy and configuration to use the new certificate.

    https://knowledge.broadcom.com/external/article?legacyId=tech244881

    You will also want to add the new certificate to the client machine's Browser trust or to its Trusted Root Certificate Authorities.

    https://knowledge.broadcom.com/external/article/166277/add-proxysg-certificate-into-a-browser.html

    Thanks,


  • 3.  RE: Renew expired certificate ASG

    Posted Sep 17, 2020 01:02 AM
    Hi Jacob,
    Thanks for your feedback, very helpful.


  • 4.  RE: Renew expired certificate ASG

    Posted Sep 24, 2020 03:39 AM
    Hi Jacob,

    Kindly, how do I make it Browser trusted in the proxy and disable the old cert?
    Thank you.


  • 5.  RE: Renew expired certificate ASG

    Broadcom Employee
    Posted Sep 24, 2020 11:11 AM
    Hi ITA ISD,

    For Browser Trusted:

    First, make sure you have imported the new certificate under Configuration > SSL > CA Certificates > CA Certificates.
    Once the certificate is imported, navigate to the CA Certificate Lists tab, click on browser-trusted, and then Edit. Find your certificate, and then click Add. Close out and hit Apply to save the changes.


    Conversely, for an old certificate that you don't want trusted anymore, find it in the list in browser-trusted and remove it. Afterwards, you can remove it from the CA Certificates list in the first step.

    If you are wanting to remove an old unused keyring, you will want to make sure the keyring is no longer referenced in policy or in the configuration. You can see if a keyring is referenced under Configuration > SSL > Keyrings. If something is referenced, usually looking for the keyring in the Sysinfo is the easiest way to see where in policy and config the keyring is referenced. If it is the default keyring, however, it becomes more difficult, as the default configuration is not listed in the Sysinfo. For this case, or if you are not well versed in reading the Sysinfo, I would recommend checking the places listed in this KB.

    I hope that answers your question.