Reference: Policy Pages Reference : Optimization policy settings : Server Certificates (SSL)
  
Server Certificates (SSL)
In the Add a New SSL Certificate section, configure the following options:
Import Certificate and Private Key
Imports the certificate and key. The page displays controls for browsing to and uploading the certificate and key files. You can also use the text box to copy and paste a PEM file. The private key is required regardless of whether you’re adding or updating the certificate.
Certificate
Specifies the action:
Upload—Browse to the local file in PKCS-12, PEM, or DER formats.
Paste it here (PEM only)—Copy and then paste the contents of a PEM file.
Private Key
Specifies the private key origin.
The Private Key is in a separate file (see below)—You can either upload it or copy and paste it.
This file includes the Certificate and Private Key
The Private Key for this Certificate was created with a CSR generated on this appliance.
Separate Private Key
Specifies the action:
Upload (PEM or DER formats)—Browse to the local file in PEM or DER formats.
Paste it here (PEM only)—Paste the contents of a PEM file.
Decryption Password
Specifies the decryption password, if necessary. Passwords are required for PKCS-12 files, optional for PEM files, and never needed for DER files.
Import Certificate and Key
Imports the certificate and key.
Generate Self-Signed Certificate and New Private Key
Generates a new private key and self-signed public certificate:
Common name—Specify the common name (hostname) of the peer.
Organization Name—Specify the organization name (for example, the company).
Organization Unit Name—Specify the organization unit name (for example, the section or department).
Locality—Specify the city.
State (no abbreviations)—Specify the state.
Country (2-letter code)—Specify the country (2-letter code only).
Email Address—Specify the email address of the contact person.
Validity Period (Days)—Specify how many days the certificate is valid. The default value is 730.
Private Key Cipher Bits
Specifies the key length from the drop-down list. The default value is 1024.
Generate SCC CA Signed Certificate and New Private Key
Generates a private key and CSR.
To generate a CSR, under Web Certificate, select the Generate CSR tab and complete these configuration options:
Common Name (required)—Specify the common name (hostname) of the peer.
Organization Name—Specify the organization name (for example, the company).
Organization Unit Name—Specify the organization unit name (for example, the section or department).
Locality—Specify the city.
State—Specify the state. Don’t abbreviate.
Country (2-letter code)—Specify the country (2-letter code only).
Email Address—Specify the email address of the contact person.
Validity Period (Days)—Specify how many days the certificate is valid. The default value is 730.
Generate Certs for Bypassed Servers
Generates SCC CA signed certificates for bypassed servers. The SteelHead passes the connection through unoptimized without affecting connection counts