Link Search Menu Expand Document

SSL Certificates Tab

Configuration > Overlays & Security > SSL > SSL Certificates

EdgeConnect provides deduplication for Secure Socket Layer (SSL) encrypted WAN traffic by supporting the use of SSL certificates and other keys.

The SSL Certificates tab summarizes the SSL certificates installed on appliances for decrypting non-SaaS traffic.

  • EdgeConnect decrypts SSL data using the configured certificates and keys, optimizes the data, and transmits data over an IPSec tunnel. The peer EdgeConnect appliance uses configured SSL certificates to re-encrypt data before transmitting.

  • Peers that exchange and optimize SSL traffic must use the same certificate and key.

  • For the SSL certificates to function, the following must also be true:

    • The tunnels are in IPSec or IPSec UDP mode for both directions of traffic.

    • In the Optimization Policy, TCP acceleration and SSL acceleration are enabled.

TIP: For a historical matrix of EdgeConnect and Orchestrator security algorithms, click here.

SSL Certificates Edit Row

Use this page for SSL Certificates when the server is part of your enterprise network and has its own enterprise SSL certificates and key pairs.

NOTE: For SSL decryption of SaaS services, use the Configuration > Overlays & Security > SSL > SSL for SaaS page. Because SaaS servers are external to your enterprise network, the appliance creates a substitute certificate, which then must be signed by a Certificate Authority (CA).

EdgeConnect provides deduplication for Secure Socket Layer (SSL) encrypted WAN traffic by supporting the use of SSL certificates and keys:

  • EdgeConnect decrypts SSL data using the configured certficates and keys, optimizes the data, and transmits data over an IPSec tunnel. The peer EdgeConnect appliance uses configured SSL certificates to re-encrypt data before transmitting.

  • Peers that exchange and optimize SSL traffic must use the same certificate and key.

  • Use this page to directly load the certificate and key into this appliance.

    • You can add either a PFX certificate (generally, for Microsoft servers) or a PEM certificate.

    • The default is PEM when PFX Certificate File is deselected.

    • If the key file has an encrypted key, enter the passphrase needed to decrypt it.

  • Before installing the certificates, you must do the following:

    • Configure the tunnels bilaterally for IPSec mode.

      To do so, access the Configuration > Networking > Tunnels > Tunnels page, select the tunnel, and for Mode, select IPSec.

    • Verify that TCP acceleration and SSL acceleration are enabled.

      To do so, access the Configuration > Templates & Policies > Optimization Policies page, and then review the Set Actions.

TIP: For a historical matrix of EdgeConnect and Orchestrator security algorithms, click here.


Back to top

© Copyright 2025 Hewlett Packard Enterprise Development LP.

For third-party trademark acknowledgements, go to Trademark Acknowledgements. All third-party marks are property of their respective owners.

To view the end-user software agreement, go to HPE Aruba Networking EULA.

Open Source Code:

This product includes code licensed under certain open source licenses which require source compliance. The corresponding source for these components is available upon request. This offer is valid to anyone in receipt of this information and shall expire three years following the date of the final distribution of this product version by Hewlett Packard Enterprise Company. To obtain such source code, please check if the code is available in the HPE Software Center at https://myenterpriselicense.hpe.com/cwp-ui/software but, if not, send a written request for specific software version and product for which you want the open source code. Along with the request, please send a check or money order in the amount of US $10.00 to:

Hewlett Packard Enterprise Company
Attn: General Counsel
WW Corporate Headquarters
1701 E Mossy Oaks Rd Spring, TX 77389
United States of America