Certificate authorities (SSL)

Reference: Policy Pages Reference : Optimization policy settings : Certificate authorities (SSL)

SSL is a cryptographic protocol that provides secure communications between two parties over the internet.

Typically, in a web-based application, it is the client that authenticates the server. To identify itself, an SSL certificate is installed on a web server and the client checks the credentials of the certificate to make sure it is valid and signed by a trusted third party. Trusted third parties that sign SSL certificates are called certificate authorities (CA). For detailed information about how SSL works, see the SteelHead User Guide.

A CA is a third-party entity in a network that issues digital certificates and manages security credentials and public keys for message encryption. A CA issues a public key certificate that states that the CA attests that the public key contained in the certificate belongs to the person, organization, server, or other entity noted in the certificate. The CA verifies applicant credentials, so that relying parties can trust the information in the CA certificates. If you trust the CA and can verify the CA signature, then you can also verify that a certain public key does indeed belong to whomever is identified in the certificate.

Before adding a CA, it is critical to verify that it is genuine; a malicious CA can compromise network security by signing fake certificates.

You may need to add a new CA in these situations:

• Your organization has an internal CA that signs the certificates or peering certificates for the back-end server.

• The server certificates are signed by an intermediate or root CA unknown to the appliance (perhaps external to the organization).

• The CA certificate included in the trusted list of the appliance has expired or has been revoked and needs replacing.

You can copy certificates from and existing policy. On the Certificate Authorities (SSL) policy page, select an option from the Copy Page Contents from Policy menu and click OK.

These configuration options are available:

SSL Certificate Authorities Update

Updates the appliance’s Trusted Root Store. Click Update.

Add a New Certificate Authority

• Optional Local Name—Specify the local filename.

• Local File—Browse to the local certificate authority file.

• Cert Text—Paste the certificate authority into the text box and click Add.

Add

Adds the certificate authority.

Certificate Authority

Displays the certificate details.