
Managing Certificates and Keys in End-to-End SSL

albertofdez
Level 1

Hi,

 

I need to configure a Cisco ACE 4710 in End-to-End SSL mode and need to know whether the ACE requires the corresponding key pairs for this scenario or whether importing the .crt certificate is sufficient.

 

This manual says that the corresponding key pairs are only needed for the following applications:

 

- SSL termination

- SSL initiation

 

http://www.cisco.com/c/en/us/td/docs/interfaces_modules/services_modules/ace/v3-00_A2/configuration/ssl/guide/sslgd/certkeys.html

 

Is this correct?

 

Best regards.

2 Replies

ciscocsoc
Level 4

Hi,

 

It depends what you mean by end-to-end SSL. If you mean just passing the SSL traffic through without any additional processing, then you don't need the cert/key on the ACE. However, the phrase end-to-end, particularly in the ACE manuals, means terminate the inbound SSL on the ACE and then re-initiate the SSL to the serverfarm - that is, a combination of SSL termination and SSL initiation. So you will need the cert and the key.

You need to create an ssl-proxy service object referencing the cert, key and chaingroup to terminate the SSL and another ssl-proxy service object for the ssl client side.

 

HTH

 

Cathy
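
A sketch of the two ssl-proxy service objects described in the answer above and where each one attaches, added here as an example and not taken from the thread or from the poster's configuration. All object names, file names and the VIP address are placeholders, the serverfarm SF_HTTPS is assumed to exist already, and lines starting with `!` are annotations rather than commands.

```cisco
! Placeholder names throughout; key and certificate files are assumed
! to have been imported onto the ACE beforehand.

! Intermediate CA certificate(s) sent to clients with the server cert
crypto chaingroup CHAIN_EXAMPLE
  cert intermediate-ca.pem

! SSL termination: the ACE acts as the SSL server toward clients,
! so it needs both the certificate and its matching private key.
ssl-proxy service SSL_TERMINATE
  key example-key.pem
  cert example-cert.pem
  chaingroup CHAIN_EXAMPLE

! SSL initiation: the ACE acts as the SSL client toward the real
! servers. No key or cert is referenced here in this sketch.
ssl-proxy service SSL_INITIATE

class-map match-all VIP_HTTPS
  2 match virtual-address 192.0.2.10 tcp eq https

! Back-end side: re-encrypt toward the serverfarm
policy-map type loadbalance first-match LB_HTTPS
  class class-default
    serverfarm SF_HTTPS
    ssl-proxy client SSL_INITIATE

! Front-end side: decrypt client traffic arriving on the VIP
policy-map multi-match CLIENT_VIPS
  class VIP_HTTPS
    loadbalance vip inservice
    loadbalance policy LB_HTTPS
    ssl-proxy server SSL_TERMINATE
```

Because the private key lives on the ACE in this mode, access to the device's key store and configuration backups should be restricted accordingly.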

Hi Cathy,

 

Thanks for the quick response; it was what I imagined. I need the cert/key because I have to deal with requests.

 

Best regards.