SSL Certificates Tab

Configuration > SSL Certificates

Silver Peak provides deduplication for Secure Socket Layer (SSL) encrypted WAN traffic by supporting the use of SSL certificates and keys.

This report summarizes the SSL certificates installed on appliances for decrypting non-SaaS traffic.

n	Silver Peak decrypts SSL data using the configured certificates and keys, optimizes the data, and transmits data over an IPSec tunnel. The peer Silver Peak appliance uses configured SSL certificates to re-encrypt data before transmitting.

n	Peers that exchange and optimize SSL traffic must use the same certificate and key.

n	Silver Peak supports:

•	X509 Privacy Enhanced Mail (PEM), Personal Information Exchange (PFX, generally for Microsoft servers), and RSA key 1024-bit and 2048-bit certificate formats.

•	SAN (Subject Alternative Name) certificates. SAN certificates enable sharing of a single certificate across multiple servers and services.

n	Silver Peak appliances support:

•	Protocol versions: SSLv3, SSLv3.3, TLS1.0, TLS1.1, TLS1.2

•	Key exchanges: RSA, DHE, ECDHE

•	Authentication: RSA

•	Cipher algorithms: RC4, 3DES, AES128, AES256, AES128-GCM, AES256-GCM

•	Message Digests: MD5, SHA, SHA256, SHA284

n	For the SSL certificates to function, the following must also be true:

•	The tunnels are in IPSec mode for both directions of traffic.

•	In the Optimization Policy, TCP acceleration and SSL acceleration are enabled.

Tip For a historical matrix of SSL/TLS versions and ciphers for VXOA releases, click here.

Please send comments or suggestions regarding user documentation to techpubs@silver-peak.com.