06-15-2015 09:35 AM
Hi,
I need to configure a Cisco ACE 4710 in End-to-End SSL mode and need to know if the ACE for this scenario requires corresponding key pairs or whether it is sufficient with the .crt certificate import.
This manual says that the corresponding key pairs are only needed for the following applications:
- SSL termination
- SSL initiation
http://www.cisco.com/c/en/us/td/docs/interfaces_modules/services_modules/ace/v3-00_A2/configuration/ssl/guide/sslgd/certkeys.html
Is that correct?
Best regards.
06-16-2015 01:01 AM
Hi,
It depends what you mean by end-to-end SSL. If you mean just passing the SSL traffic through without any additional processing, then you don't need the cert/key on the ACE. However, the phrase end-to-end, particularly in the ACE manuals, means terminate the inbound SSL on the ACE and then re-initiate the SSL to the serverfarm - that is, a combination of SSL termination and SSL initiation. So you will need the cert and the key.
You need to create an ssl-proxy service object referencing the cert, key and chaingroup to terminate the SSL and another ssl-proxy service object for the ssl client side.
HTH
Cathy
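The two ssl-proxy service objects described in the answer above, sketched as an ACE configuration. This is an added example, not part of the original thread; every object name, file name and address in it is a placeholder, and the cert, key and intermediate files are assumed to be already imported on the ACE.

```cisco
! Constructed example: all names, file names and addresses are placeholders.
crypto chaingroup CHAIN_EXAMPLE
  cert intermediate-ca.pem

! Front end (SSL termination): the ACE is the SSL server for clients,
! so this object references the cert, the matching key and the chaingroup.
ssl-proxy service SSL_TERMINATE
  key example-key.pem
  cert example-cert.pem
  chaingroup CHAIN_EXAMPLE

! Back end (SSL initiation): the ACE is the SSL client towards the serverfarm.
ssl-proxy service SSL_INITIATE

rserver host WEB1
  ip address 192.0.2.11
  inservice

serverfarm host SF_HTTPS
  rserver WEB1 443
    inservice

class-map match-all VIP_HTTPS
  2 match virtual-address 192.0.2.10 tcp eq https

! Re-encrypt towards the real servers.
policy-map type loadbalance first-match LB_HTTPS
  class class-default
    serverfarm SF_HTTPS
    ssl-proxy client SSL_INITIATE

! Decrypt inbound client traffic on the VIP.
policy-map multi-match CLIENT_VIPS
  class VIP_HTTPS
    loadbalance vip inservice
    loadbalance policy LB_HTTPS
    ssl-proxy server SSL_TERMINATE
```

Before putting the VIP in service, `crypto verify example-key.pem example-cert.pem` in Exec mode confirms that the imported key actually matches the certificate.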
06-16-2015 01:22 AM
Hi Cathy,
Thanks for the quick response; it was what I imagined. I need the cert/key because I have to deal with requests.
Best regards.