Link Search Menu Expand Document

SSL for SaaS Template

To fully compress SSL traffic for a SaaS service, the appliance must decrypt it and then re-encrypt it.

To do so, the appliance generates a substitute certificate that then must be signed by a Certificate Authority (CA).


There are two possible signers:

  • For a Built-In CA Certificate, the signing authority is Aruba.

    • The appliance generates it locally, and each certificate is unique. This is an ideal option for Proof of Concept (POC) and when compliance is not a big concern.

    • To avoid browser warnings, follow up by importing the certificate into the browser from the client-side appliance.

  • For a Custom CA Certificate, the signing authority is the Enterprise CA.

    • If you already have a subordinate CA certificate (for example, an SSL proxy), you can upload it to Orchestrator and push it out to the appliances. If you need a copy of it later, just download it from here.

    • If this substitute certificate is subordinate to a root CA certificate, also install the higher-level SSL CA certificates (into the SSL CA Certificates template) so that the browser can validate up the chain to the root CA.

    • If you do not already have a subordinate CA certificate, you can access any appliance’s Configuration > Templates & Policies > Applications & SaaS > SaaS Optimization page and generate a Certificate Signing Request (CSR).

TIP: For a historical matrix of EdgeConnect and Orchestrator security algorithms, click here.

Back to top

© Copyright 2024 Hewlett Packard Enterprise Development LP.

To view the end-user software agreement, go to HPE Aruba Networking EULA.

Open Source Code:

This product includes code licensed under certain open source licenses which require source compliance. The corresponding source for these components is available upon request. This offer is valid to anyone in receipt of this information and shall expire three years following the date of the final distribution of this product version by Hewlett Packard Enterprise Company. To obtain such source code, please check if the code is available in the HPE Software Center at but, if not, send a written request for specific software version and product for which you want the open source code. Along with the request, please send a check or money order in the amount of US $10.00 to:

Hewlett Packard Enterprise Company
Attn: General Counsel
WW Corporate Headquarters
1701 E Mossy Oaks Rd Spring, TX 77389
United States of America