https://community.cisco.com/t5/application-networking/managing-certificates-and-keys-in-end-to-end-ssl/m-p/2716071#M42844 <P>Hi,</P><P>&nbsp;</P><P>It depends what you mean by end-to-end SSL. If you mean just passing the SSL traffic through without any additional processing then you don't need the cert/key on the ACE. However the phrase end-to-end, particularly in the ACE manuals means terminate the inbound SSL on the ACE and then re-initiate the SSL to the serverfarm - that is, a combination of SSL termination and SSL initiation. So you will need the cert and the key.&nbsp;</P><P>You need to create an ssl-proxy service object referencing the cert, key and chaingroup to terminate the SSL and another ssl-proxy service object for the ssl client side.</P><P>&nbsp;</P><P>HTH</P><P>&nbsp;</P><P>Cathy</P> Tue, 16 Jun 2015 08:01:42 GMT ciscocsoc 2015-06-16T08:01:42Z https://community.cisco.com/t5/application-networking/managing-certificates-and-keys-in-end-to-end-ssl/m-p/2716070#M42843 <P>Hi,</P><P>&nbsp;</P><P>I need to configure a Cisco ACE 4710 in End-to-End SSL mode and need to know if the ACE for this scenario requires corresponding key pairs or whether it is sufficient with the .crt certificate import.</P><P>&nbsp;</P><P>In this manual says that the&nbsp;corresponding key pairs is only needed for the following applications:</P><P>&nbsp;</P><P>-&nbsp;SSL termination</P><P>-&nbsp;SSL initiation</P><P>&nbsp;</P><P>http://www.cisco.com/c/en/us/td/docs/interfaces_modules/services_modules/ace/v3-00_A2/configuration/ssl/guide/sslgd/certkeys.html</P><P>&nbsp;</P><P>Its correct?</P><P>&nbsp;</P><P>Best regards.</P> Mon, 15 Jun 2015 16:35:54 GMT https://community.cisco.com/t5/application-networking/managing-certificates-and-keys-in-end-to-end-ssl/m-p/2716070#M42843 albertofdez 2015-06-15T16:35:54Z https://community.cisco.com/t5/application-networking/managing-certificates-and-keys-in-end-to-end-ssl/m-p/2716071#M42844 <P>Hi,</P><P>&nbsp;</P><P>It depends what you mean by end-to-end SSL. If you mean just passing the SSL traffic through without any additional processing then you don't need the cert/key on the ACE. However the phrase end-to-end, particularly in the ACE manuals means terminate the inbound SSL on the ACE and then re-initiate the SSL to the serverfarm - that is, a combination of SSL termination and SSL initiation. So you will need the cert and the key.&nbsp;</P><P>You need to create an ssl-proxy service object referencing the cert, key and chaingroup to terminate the SSL and another ssl-proxy service object for the ssl client side.</P><P>&nbsp;</P><P>HTH</P><P>&nbsp;</P><P>Cathy</P> Tue, 16 Jun 2015 08:01:42 GMT https://community.cisco.com/t5/application-networking/managing-certificates-and-keys-in-end-to-end-ssl/m-p/2716071#M42844 ciscocsoc 2015-06-16T08:01:42Z https://community.cisco.com/t5/application-networking/managing-certificates-and-keys-in-end-to-end-ssl/m-p/2716072#M42845 <P>Hi Cathy,</P><P>&nbsp;</P><P>Thanks for the quick response was what I imagined. Because I need the cert / key because I have to deal with requests.</P><P>&nbsp;</P><P>Best regards.</P> Tue, 16 Jun 2015 08:22:18 GMT https://community.cisco.com/t5/application-networking/managing-certificates-and-keys-in-end-to-end-ssl/m-p/2716072#M42845 albertofdez 2015-06-16T08:22:18Z