Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1872
Views
0
Helpful
2
Replies

ACE SSL offload - Existing Certificate (Export and import to ACE)

Paul Pinto
Level 1
Level 1

‎11-09-2009 02:33 PM

Goodday all,

Our customer has migrated from CSM to ACE and would now like to test and imlement SSL offloading. We will test both options (SSL server only plus End-to-End SSL).

My question is around the following:

Customer would like to export existing certificates, keys, etc from servers (have one cert installed on many servers) and have us import these onto the ACE. The servers are however IIS server's and I don't think the ACE supports pfx formats.

So, can these be utilised if they are exported and then converted with something like open ssl or key tools?

Also, would I be correct in assuming we would also need to install and configure intermediate and Root certificates in a chain group?

Any guidance and assitance would be appreciated.

Thanks.

Paul

Labels:
0 Helpful
2 Replies 2

Gilles Dufour
Cisco Employee
Cisco Employee

‎11-10-2009 12:55 AM

Paul, you can use openssl to extract pem formatted key and cert and import them into your ACE.

You may need to install the intermediate certificate in a chaingroup....ACE does not require it, but client browsers will probably want ACE to send them.

Gilles.

0 Helpful

Paul Pinto
Level 1
Level 1
In response to Gilles Dufour

‎11-10-2009 01:07 AM

Thanks for the response Gilles,

Have bit of a challenge regarding openssl (it's not available) at the client. Found an app called portecle, java based, and it seems this may do the job. Will try and let you know.

Paul

0 Helpful
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card