Configuring HTTPS/TLS : Configuring HTTPS/TLS bulk import and export
  
Configuring HTTPS/TLS bulk import and export
You configure HTTPS/TLS bulk import and export settings in the Administration > SSL: Advanced Settings page.
If you use self-signed peering certificates and have multiple controllers (including multiple server-side appliances, such as SteelHeads), you can use the bulk import feature to avoid configuring each peering trust relationship between the pairs of controllers and server-side appliances.
The bulk data that you import contains the serial number of the exporting controllers. Controllers importing the data compare its own serial number with the serial number contained in the bulk data.
These rules apply to bulk data when importing and exporting the data:
Peering Certificate and Key Data—If the serial numbers match, the controller importing the bulk data overwrites its existing peering certificates and keys with that bulk data. If the serial numbers don’t match, the controller importing the bulk data does not overwrite its peering certificate and key.
Certificate Authority, Peering Trust, and SSL Server Configuration Data—For all other configuration data, such as certificate authorities, peering trusts, and server configurations (if included), if there is a conflict, the imported configuration data takes precedence (that is, the imported configuration data overwrites any existing configurations).
Bulk data importing operations don’t delete configurations; they can only add or overwrite them.
Bulk importing does not require a service restart.
To perform bulk import operations
1. Choose Administration > SSL: Advanced Settings to display the Advanced Settings page.
2. Under Bulk Import, complete the configuration using these controls:
Upload File—Browse to the previously exported bulk file that contains the certificates and keys.
Password to Decry—Specify the password used to decrypt the file.
Import Signing Certificate and Key—Import the signing certificate and private key.
Allow import of Signing Certificate and Key from a different controller—Import the signing certificate and key from a different controller.
Import—Imports your TLS configuration, keys, and certificates, so that all the controllers trust one another as peers.
3. Click Save to Disk to save your settings permanently.
To perform bulk export operations
1. Select one Client Accelerator Controller and trust all peering certificates. Make sure that you include the peering certificate for that controller. For details on configuring trusted peers, see Basic steps for configuring HTTPS/TLS proxy support.
2. Choose Administration > SSL: Advanced Settings to display the Advanced Settings page.
3. Under Bulk Export, complete the configuration using these controls:
Password—Specify and confirm the password used for the export file.
Export—Exports your SSL configuration and optionally your server private keys and certificates.
4. Click Save to Disk to save your settings permanently.