To do so, the appliance generates a substitute certificate that must then be signed by a Certificate Authority (CA). There are two possible signers:
■ For a Built-In CA Certificate, the signing authority is Silver Peak.
• The appliance generates it locally, and each certificate is unique. This is an ideal option for Proof of Concept (POC) and when compliance is not a big concern.
• To avoid browser warnings, follow up by importing the certificate into the browser from the client-side appliance.
■ For a Custom CA Certificate, the signing authority is the Enterprise CA.
• If you already have a subordinate CA certificate (for example, an SSL proxy), you can upload it to the Orchestrator and push it out to the appliances. If you need a copy of it later, just download it from here.
• If this substitute certificate is subordinate to a root CA certificate, then also install the higher-level SSL CA certificates (into the SSL CA Certificates template) so that the browser can validate up the chain to the root CA.
• If you don't already have a subordinate CA certificate, you can access any appliance's Configuration > SaaS Optimization page and generate a Certificate Signing Request (CSR).
• Protocol versions: SSLv3, SSLv3.3, TLS1.0, TLS1.1, TLS1.2
• Key exchanges: RSA, DHE, ECDHE
• Authentication: RSA
• Cipher algorithms: RC4, 3DES, AES128, AES256, AES128-GCM, AES256-GCM
• Message Digests: MD5, SHA, SHA256, SHA384
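
The chain requirement described for a Custom CA Certificate can be reproduced offline with OpenSSL. This is an added example, not Silver Peak code or configuration: it builds a constructed chain (all CA names and the hostname saas.example.test are made up) and shows that a client trusting only the root rejects the substitute certificate until the higher-level CA certificate is supplied as well.

```bash
#!/usr/bin/env bash
# Constructed lab PKI: every name and hostname here is made up for the example.

# issue DIR NAME CN SECTION [ISSUER]: write DIR/NAME.key and DIR/NAME.pem.
# With no ISSUER the certificate is self-signed (the root CA).
issue() {
  local d="$1" name="$2" cn="$3" section="$4" issuer="${5:-}"
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$cn" \
    -keyout "$d/$name.key" -out "$d/$name.csr" 2>/dev/null || return 1
  if [ -z "$issuer" ]; then
    set -- -signkey "$d/$name.key"
  else
    set -- -CA "$d/$issuer.pem" -CAkey "$d/$issuer.key" \
           -set_serial "0x$(openssl rand -hex 8)"
  fi
  openssl x509 -req -in "$d/$name.csr" -days 1 -sha256 "$@" \
    -extfile "$d/ext.cnf" -extensions "$section" -out "$d/$name.pem" 2>/dev/null
}

# Root CA -> higher-level CA -> subordinate CA (the one pushed to appliances)
# -> substitute certificate for a hypothetical SaaS hostname.
build_chain() {
  local d="$1"
  cat > "$d/ext.cnf" <<'EOF'
[ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[leaf]
basicConstraints = CA:FALSE
subjectAltName = DNS:saas.example.test
EOF
  issue "$d" root "Example Root CA" ca &&
  issue "$d" mid  "Example Higher-Level CA" ca root &&
  issue "$d" sub  "Example Subordinate CA" ca mid &&
  issue "$d" leaf "saas.example.test" leaf sub
}

# chain_ok DIR NAME...: the client trusts only root.pem; does leaf.pem validate
# when it is additionally given the named CA certificates?
chain_ok() {
  local d="$1" n; shift
  for n in "$@"; do cat "$d/$n.pem"; done > "$d/presented.pem"
  openssl verify -CAfile "$d/root.pem" -untrusted "$d/presented.pem" \
    "$d/leaf.pem" 2>/dev/null | grep -q ': OK$'
}

lab=$(mktemp -d) && build_chain "$lab"
chain_ok "$lab" sub     && echo "sub only: OK" || echo "sub only: incomplete chain"
chain_ok "$lab" sub mid && echo "sub + higher-level CA: OK" || echo "incomplete chain"
rm -rf "$lab"
```

The same `openssl verify` call can be pointed at an exported subordinate CA certificate and the enterprise root to confirm the chain is complete before pushing it to appliances.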