05-13-2010 03:25 AM
Hi people,
I have used ACE to create a CSR, then sent it to VeriSign and installed the signed certificate on ACE so that it acts as SSL-proxy termination.
But now I want to know if it's possible for ACE to create a self-signed certificate (instead of sending it to VeriSign to sign it).
Can this be done?
thanks,
george
05-14-2010 01:47 PM
Hi George,
As far as I know, there is no option to sign your certificates from ACE. You'll have to create keys and certificates on a separate device using openssl and then import them into the ACE module.
09-13-2010 03:01 PM
We've just upgraded our ACEs to A2(3.2) and it looks like this version has a self-signed cert. Is this legit, similar to the one available on BigIP?
Thanks..
09-14-2010 04:22 AM
The purpose of a certificate is not just to encrypt data.
It is also to authenticate the server - guarantee that you are indeed communicating with the correct server.
A self-signed certificate will achieve part 1 (encryption) but not guarantee part 2.
Only Certificate Authorities like VeriSign can get you a certificate to achieve part 2.
Therefore a self-signed certificate is never legitimate!!! Even the BigIP is not a legitimate certificate.
But you can achieve encryption using it.
Gilles.
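The two points made in the replies above (create the key and certificate with openssl on a separate host, and a self-signed certificate has no third party vouching for it) can be seen in one script. This is an added example, not code from any poster in the thread; it assumes the OpenSSL command-line tool is installed, and every host name and file name in it is constructed.

```shell
#!/bin/sh
# Added example. File names and subject names below are constructed.
set -eu

# Create an unencrypted RSA key and a self-signed certificate in directory $1
# with common name $2, as you would on a separate host before import.
make_self_signed() {
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 365 \
        -subj "/CN=$2" -keyout "$1/$2.key" -out "$1/$2.crt" 2>/dev/null
}

# True when private key $1 and certificate $2 carry the same public key.
# Worth checking before import: a mismatched pair cannot terminate SSL.
key_matches_cert() {
    k=$(openssl pkey -in "$1" -pubout | openssl dgst -sha256)
    c=$(openssl x509 -in "$2" -noout -pubkey | openssl dgst -sha256)
    [ "$k" = "$c" ]
}

# True when issuer and subject are identical, i.e. no third party vouches.
is_self_signed() {
    i=$(openssl x509 -in "$1" -noout -issuer | sed 's/^issuer= *//')
    s=$(openssl x509 -in "$1" -noout -subject | sed 's/^subject= *//')
    [ "$i" = "$s" ]
}

# True when certificate $2 chains to a trust anchor in PEM file $1.
trusted_by() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Walk through both points; prints one line per finding.
demo() {
    d=$(mktemp -d)
    vip=vip.example.test            # constructed server name
    other=other-root.example.test   # stands in for a client's existing trust anchors
    make_self_signed "$d" "$vip"
    make_self_signed "$d" "$other"
    key_matches_cert "$d/$vip.key" "$d/$vip.crt" && echo "key/cert pair: match"
    is_self_signed "$d/$vip.crt" && echo "issuer == subject: self-signed"
    trusted_by "$d/$other.crt" "$d/$vip.crt" || echo "client without this cert: not trusted"
    trusted_by "$d/$vip.crt" "$d/$vip.crt" && echo "client that installed this cert: trusted"
    rm -rf "$d"
}
demo
```

The traffic is encrypted in both of the last two cases; only a client that has been given the certificate out of band can tell this server from an impostor.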
09-14-2010 12:33 PM
09-15-2010 01:04 AM
You can't sign a certificate from ACE.
All you get is a sample key/cert.
Do a 'show crypto files' to find them:
cisco-sample-cert 1082 PEM Yes CERT
cisco-sample-key 887 PEM Yes KEY
Gilles.
09-15-2010 06:13 AM
I must have misunderstood the previous post. If all there is, is a sample key/cert, then this does me no good. It would be more convenient to sign the cert/key within ACE than have to go to a Linux server for this action.
Regards,
John...