SSL Certificates Template

Use this page for SSL Certificates when the server is part of your enterprise network and has its own enterprise SSL certificates and key pairs.

NOTE: To decrypt SSL for SaaS (cloud-based) services, use the SSL for SaaS template.


EdgeConnect provides deduplication for Secure Sockets Layer (SSL) encrypted WAN traffic by supporting the use of SSL certificates and other keys:

  • EdgeConnect decrypts SSL data using the configured certificates and keys, optimizes the data, and transmits data over an IPSec tunnel. The peer EdgeConnect appliance uses configured SSL certificates to re-encrypt data before transmitting.

  • Peers that exchange and optimize SSL traffic must use the same certificate and key.

  • Use this template to provision a certificate and its associated key across multiple appliances.

    • You can add either a PFX certificate (generally, for Microsoft servers) or a PEM certificate.

    • The default is PEM when PFX Certificate File is deselected.

    • If the key file has an encrypted key, enter the passphrase needed to decrypt it.

  • Before installing the certificates, you must do the following:

    • Configure the tunnels bilaterally for IPSec (or IPSec UDP) mode. To do so, access the Configuration > Networking > Tunnels > Tunnels page, select the tunnel, and for Mode, select IPSec.

    • Verify that TCP acceleration and SSL acceleration are enabled. To do so, access the Configuration > Templates & Policies > Optimization Policies page, and then review the Set Actions.

  • To decrypt the flow, optimize it, and send it in the clear between appliances, access the System template and select SSL optimization for non-IPSec tunnels.
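
An added example, not taken from the product documentation: a standard-library Python check to run on a file before uploading it through this template. It reports whether the file is PEM or binary (a PFX candidate), whether the key needs a passphrase, and a SHA-256 fingerprint for confirming that both peers are given the same certificate. The function names and sample inputs are constructed for illustration.

```python
import base64
import hashlib
import re

# One PEM block: its label plus everything between the BEGIN and END lines.
PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)

def inspect_upload(data: bytes) -> dict:
    """Report what a certificate or key file will need in the template."""
    result = {"format": "unknown", "has_key": False,
              "needs_passphrase": False, "cert_sha256": []}
    blocks = PEM_BLOCK.findall(data.decode("ascii", errors="replace"))
    if not blocks:
        # PFX (PKCS#12) is binary DER, which starts with ASN.1 SEQUENCE tag 0x30.
        if data[:1] == b"\x30":
            result["format"] = "PFX-or-DER"
        return result
    result["format"] = "PEM"
    for label, body in blocks:
        if label == "CERTIFICATE":
            der = base64.b64decode("".join(body.split()))
            result["cert_sha256"].append(hashlib.sha256(der).hexdigest())
        elif label.endswith("PRIVATE KEY"):
            result["has_key"] = True
            # PKCS#8 uses an ENCRYPTED label; legacy OpenSSL keys use a Proc-Type header.
            if label == "ENCRYPTED PRIVATE KEY" or "Proc-Type: 4,ENCRYPTED" in body:
                result["needs_passphrase"] = True
    return result

def same_certificate(file_a: bytes, file_b: bytes) -> bool:
    """True when both files carry the same first certificate."""
    a = inspect_upload(file_a)["cert_sha256"]
    b = inspect_upload(file_b)["cert_sha256"]
    return bool(a) and bool(b) and a[0] == b[0]

def make_pem(label: str, payload: bytes, header: str = "") -> bytes:
    """Build a PEM-shaped block around placeholder bytes (sample data only)."""
    b64 = base64.b64encode(payload).decode()
    return f"-----BEGIN {label}-----\n{header}{b64}\n-----END {label}-----\n".encode()

# Constructed sample inputs: placeholder bytes, not real certificates or keys.
CERT = make_pem("CERTIFICATE", b"constructed-cert-A")
OTHER_CERT = make_pem("CERTIFICATE", b"constructed-cert-B")
PLAIN_KEY = make_pem("PRIVATE KEY", b"constructed-key")
PKCS8_ENC_KEY = make_pem("ENCRYPTED PRIVATE KEY", b"constructed-key")
LEGACY_ENC_KEY = make_pem("RSA PRIVATE KEY", b"constructed-key",
                          "Proc-Type: 4,ENCRYPTED\nDEK-Info: AES-256-CBC,00\n\n")
PFX_LIKE = b"\x30\x82\x01\x00" + b"\x00" * 8
```

The check reads only the file's framing, so it does not confirm that a key belongs to a certificate or that a passphrase is correct.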

TIP: For a historical matrix of EdgeConnect and Orchestrator security algorithms, view the Security Algorithms PDF.