https://community.cisco.com/t5/application-networking/cisco-ace-ssl-termination/m-p/1570475#M32136 <HTML><HEAD></HEAD><BODY><P></P><DIV><P>Naren,</P><P></P><P>1. In order to import certs and keys, please see the following link to the command reference.&nbsp; To summarize, any time you import/export/delete keys/certs, you are doing so via commands in exec mode.&nbsp; Regarding how and where the ACE actually saves this information, I do not know this answer.</P><P><A class="active_link" href="http://www.cisco.com/en/US/docs/interfaces_modules/services_modules/ace/v3.00_A2/command/reference/execmds.html#wp1616651">http://www.cisco.com/en/US/docs/interfaces_modules/services_modules/ace/v3.00_A2/command/reference/execmds.html#wp1616651</A></P><P></P><P>2. You can import a key as non-exportable if you do not want it to be able to be exported. If you import it as exportable, you can always export it later for backups or what not.</P><P></P><P>3. You can decrypt captured HTTPS traffic if you have the private key.&nbsp; It is important to limit access to it.&nbsp; Please see this link for more info on using Wireshark to view decrypted HTTPS traffic: <A class="active_link" href="http://wiki.wireshark.org/SSL">http://wiki.wireshark.org/SSL</A></P><P></P><P>Hope this helps!</P><P></P><P>Regards,</P><P>Matt</P></DIV><P></P></BODY></HTML> Tue, 14 Dec 2010 22:08:19 GMT mgalazka 2010-12-14T22:08:19Z https://community.cisco.com/t5/application-networking/cisco-ace-ssl-termination/m-p/1570474#M32135 <P>Hello Friends,</P><P></P><P>Need ur help on cisco ACE SSL termination.</P><P>If i import the certificate and key (.PEM), where this files will be saved ?</P><P>can we able to download the .PEM file any time as we need(back-up)?</P><P>suppose if my .PEM is got hacked, hacker is sniffing the data packet which going through the web server, can it be possiable to deencrypt the packet and see the exact packet ?</P><P></P><P></P><P>Regards,<BR />Naren</P> Tue, 14 Dec 2010 20:45:41 GMT https://community.cisco.com/t5/application-networking/cisco-ace-ssl-termination/m-p/1570474#M32135 Naren naren 2010-12-14T20:45:41Z https://community.cisco.com/t5/application-networking/cisco-ace-ssl-termination/m-p/1570475#M32136 <HTML><HEAD></HEAD><BODY><P></P><DIV><P>Naren,</P><P></P><P>1. In order to import certs and keys, please see the following link to the command reference.&nbsp; To summarize, any time you import/export/delete keys/certs, you are doing so via commands in exec mode.&nbsp; Regarding how and where the ACE actually saves this information, I do not know this answer.</P><P><A class="active_link" href="http://www.cisco.com/en/US/docs/interfaces_modules/services_modules/ace/v3.00_A2/command/reference/execmds.html#wp1616651">http://www.cisco.com/en/US/docs/interfaces_modules/services_modules/ace/v3.00_A2/command/reference/execmds.html#wp1616651</A></P><P></P><P>2. You can import a key as non-exportable if you do not want it to be able to be exported. If you import it as exportable, you can always export it later for backups or what not.</P><P></P><P>3. You can decrypt captured HTTPS traffic if you have the private key.&nbsp; It is important to limit access to it.&nbsp; Please see this link for more info on using Wireshark to view decrypted HTTPS traffic: <A class="active_link" href="http://wiki.wireshark.org/SSL">http://wiki.wireshark.org/SSL</A></P><P></P><P>Hope this helps!</P><P></P><P>Regards,</P><P>Matt</P></DIV><P></P></BODY></HTML> Tue, 14 Dec 2010 22:08:19 GMT https://community.cisco.com/t5/application-networking/cisco-ace-ssl-termination/m-p/1570475#M32136 mgalazka 2010-12-14T22:08:19Z