Link Search Menu Expand Document

SSL Certificates Template

Use this page for SSL Certificates when the server is part of your enterprise network and and has its own enterprise SSL certificates and key pairs.

NOTE: To decrypt SSL for SaaS (cloud-based) services, use the SSL for SaaS template.

img

EdgeConnect provides deduplication for Secure Socket Layer (SSL) encrypted WAN traffic by supporting the use of SSL certificates and other keys:

  • EdgeConnect decrypts SSL data using the configured certificates and keys, optimizes the data, and transmits data over an IPSec tunnel. The peer EdgeConnect appliance uses configured SSL certificates to re-encrypt data before transmitting.

  • Peers that exchange and optimize SSL traffic must use the same certificate and key.

  • Use this template to provision a certificate and its associated key across multiple appliances.

    • You can add either a PFX certificate (generally, for Microsoft servers) or a PEM certificate.

    • The default is PEM when PFX Certificate File is deselected.

    • If the key file has an encrypted key, enter the passphrase needed to decrypt it.

  • Before installing the certificates, you must do the following:

    • Configure the tunnels bilaterally for IPSec (or IPSec UDP) mode. To do so, access the Configuration > Networking > Tunnels > Tunnels page, select the tunnel, and for Mode, select IPSec.

    • Verify that TCP acceleration and SSL acceleration are enabled. To do so, access the Configuration > Templates & Policies > Optimization Policies page, and then review the Set Actions.

  • If you choose to be able to decrypt the flow, optimize it, and send it in the clear between appliances, access the System template and select SSL optimization for non-IPSec tunnels.

TIP: For a historical matrix of EdgeConnect and Orchestrator security algorithms, click here.

Back to top

© Copyright 2023 Hewlett Packard Enterprise Development LP. The information contained herein is subject to change without notice. The only warranties for Hewlett Packard Enterprise products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein. Aruba Networks and the Aruba logo are registered trademarks of Aruba Networks, Inc. Third-party trademarks mentioned are the property of their respective owners. To view the end-user software agreement, go to Aruba EULA.