To do so, the appliance generates a substitute certificate that must then be signed by a Certificate Authority (CA).
 |
|
n
|
For a Built-In CA Certificate, the signing authority is Silver Peak.
|
|
•
|
The appliance generates it locally, and each certificate is unique. This is an ideal option for Proof of Concept (POC) and when compliance is not a big concern.
|
|
•
|
To avoid browser warnings, follow up by importing the certificate into the browser from the client-side appliance.
|
|
n
|
For a Custom CA Certificate, the signing authority is the Enterprise CA.
|
|
•
|
If you already have a subordinate CA certificate (for example, an SSL proxy), you can upload it to the Orchestrator and push it out to the appliances. If you need a copy of it later, just download it from here.
|
|
•
|
If this substitute certificate is subordinate to a root CA certificate, then also install the higher-level SSL CA certificates (into the SSL CA Certificates template) so that the browser can validate up the chain to the root CA.
|
|
•
|
If you don't already have a subordinate CA certificate, you can access any appliance's Configuration > SaaS Optimization page and generate a Certificate Signing Request (CSR).
|
|
•
|
Protocol versions: SSLv3, SSLv3.3, TLS1.0, TLS1.1, TLS1.2
|
|
•
|
Key exchanges: RSA, DHE, ECDHE
|
|
•
|
Authentication: RSA
|
|
•
|
Cipher algorithms: RC4, 3DES, AES128, AES256, AES128-GCM, AES256-GCM
|
|
•
|
Message Digests: MD5, SHA, SHA256, SHA284
|
