SSL Certificates Template
Use this page for SSL Certificates when the server is part of your enterprise network and has its own enterprise SSL certificates and key pairs.
NOTE: To decrypt SSL for SaaS (cloud-based) services, use the SSL for SaaS template.
EdgeConnect provides deduplication for Secure Sockets Layer (SSL) encrypted WAN traffic by supporting the use of SSL certificates and other keys:
- EdgeConnect decrypts SSL data using the configured certificates and keys, optimizes the data, and transmits data over an IPSec tunnel. The peer EdgeConnect appliance uses configured SSL certificates to re-encrypt data before transmitting.
- Peers that exchange and optimize SSL traffic must use the same certificate and key.
- Use this template to provision a certificate and its associated key across multiple appliances.
- You can add either a PFX certificate (generally, for Microsoft servers) or a PEM certificate.
- The default is PEM when PFX Certificate File is deselected.
- If the key file has an encrypted key, enter the passphrase needed to decrypt it.
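Before uploading a PEM pair through this template, it helps to confirm that the key belongs to the certificate and whether the key is encrypted (and therefore needs the passphrase field). The script below is an added example, not part of the EdgeConnect documentation; it assumes the OpenSSL command-line tool is installed, covers PEM files only, and its function names, return codes and the KEY_PASSPHRASE variable are this example's own.

```shell
#!/bin/sh
# Pre-upload check for a PEM certificate and private key (added example).
# Return codes of check_pair are this script's own convention:
#   0 = key matches certificate     1 = key does not match
#   2 = key is encrypted, no passphrase given
#   3 = certificate or key unreadable (bad file or wrong passphrase)

# True when the PEM key file is passphrase-protected (PKCS#8 or legacy format).
key_is_encrypted() {
    grep -Eq 'BEGIN ENCRYPTED PRIVATE KEY|Proc-Type: 4,ENCRYPTED' "$1"
}

# check_pair CERT_PEM KEY_PEM [PASSPHRASE]
check_pair() {
    cp_cert=$1; cp_key=$2; cp_pass=${3:-}
    if key_is_encrypted "$cp_key" && [ -z "$cp_pass" ]; then
        return 2
    fi
    # Public key embedded in the certificate.
    cp_cert_pub=$(openssl x509 -in "$cp_cert" -noout -pubkey 2>/dev/null) || return 3
    # Public key derived from the private key; the passphrase travels in the
    # environment so it never appears in the openssl argument list.
    cp_key_pub=$(KEY_PASS="$cp_pass" openssl pkey -in "$cp_key" \
        -passin env:KEY_PASS -pubout 2>/dev/null) || return 3
    [ "$cp_cert_pub" = "$cp_key_pub" ] || return 1
    return 0
}

# Command-line use: ./check_pair.sh server.crt server.key
# (passphrase, if any, is read from the KEY_PASSPHRASE environment variable)
if [ "$#" -ge 2 ]; then
    rc=0
    check_pair "$1" "$2" "${KEY_PASSPHRASE:-}" || rc=$?
    case $rc in
        0) echo "OK: key matches certificate" ;;
        1) echo "FAIL: key does not match certificate" ;;
        2) echo "Key is encrypted: set KEY_PASSPHRASE and have it ready for the template" ;;
        *) echo "FAIL: could not read certificate or key" ;;
    esac
    exit "$rc"
fi
```

Because peers must hold the same certificate and key, running the check once on the exact files you intend to push avoids provisioning a mismatched pair to every appliance the template targets.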
Before installing the certificates, you must do the following:
- Configure the tunnels bilaterally for IPSec (or IPSec UDP) mode. To do so, access the Configuration > Networking > Tunnels > Tunnels page, select the tunnel, and for Mode, select IPSec.
- Verify that TCP acceleration and SSL acceleration are enabled. To do so, access the Configuration > Templates & Policies > Optimization Policies page, and then review the Set Actions.
If you choose to be able to decrypt the flow, optimize it, and send it in the clear between appliances, access the System template and select SSL optimization for non-IPSec tunnels.
TIP: For a historical matrix of EdgeConnect and Orchestrator security algorithms, click here.