protocol ssl enable
Enables SSL optimization, which accelerates encrypted traffic on secure ports (HTTPS). This command can be used only after you have generated or imported a server.
SSL optimization must be enabled on both the client-side and server-side SteelHeads for SSL traffic to be optimized.
Syntax
[no] protocol ssl enable
Parameters
None
Usage
RiOS v6.0 and later simplifies the SSL configuration process because it eliminates the need to add each server certificate individually. Prior to v6.0, you needed to provide an IP address, port, and certificate to enable SSL optimization for a server. In RiOS v6.0 and later, you need only add unique certificates to a Certificate Pool on the server-side SteelHead. When a client initiates an SSL connection with a server, the SteelHead matches the common name of the server's certificate with one in its certificate pool. If it finds a match, it adds the server name to the list of discovered servers that are optimizable, and all subsequent connections to that server are optimized.
If it does not find a match, it adds the server name to the list of discovered servers that are bypassed and all subsequent connections to that server are not optimized.
The SteelHead supports RSA private keys for peers and SSL servers.
Important: Optimization does not occur for a particular server IP address and port unless that server is configured on the server-side SteelHead.
When you configure the back-end server proxy certificate and key on the server-side SteelHead, if you choose not to use the actual certificate and key for the back-end server, you can use a self-signed certificate and key or another CA-signed certificate and key. If you have a CA-signed certificate and key, import it.
If you do not have a CA-signed certificate and key, you can add the proxy server configuration with a self-signed certificate and key, back up the private key, generate a CSR, have it signed by a CA, and import the newly CA-signed certificate and the backed-up private key.
To back up a single pair of certificate and key (that is, the peering certificate and key pair and a single certificate and key for the server) use the Export (in PEM format only) option. Make sure you check Include Private Key and enter the encryption password. Save the exported file that contains the certificate and the encrypted private key. For detailed information, see the SteelHead Management Console User’s Guide.
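The following is an added example, not part of the Riverbed documentation: a pre-import check, run with OpenSSL on an administrator workstation, that the PEM backup holds an encrypted private key and that the CSR and the CA-signed certificate both carry that key's public half. All file names, subjects, the password and the throwaway CA are constructed for the demonstration; no SteelHead commands are involved.

```shell
#!/bin/sh
# Added example. Every name, subject and password below is constructed.
set -eu

# Print the public key (SubjectPublicKeyInfo PEM) of a cert, CSR or private key.
pub_of() {  # $1 = cert|csr|key  $2 = file  $3 = key password (key only)
  case "$1" in
    cert) openssl x509 -in "$2" -noout -pubkey ;;
    csr)  openssl req  -in "$2" -noout -pubkey ;;
    key)  openssl pkey -in "$2" -passin "pass:$3" -pubout ;;
  esac
}

# Succeed only if file $2 (kind $1) carries the public half of key $3.
# A failed read (wrong password, bad file) counts as a mismatch, never a match.
matches_key() {  # $1 = cert|csr  $2 = file  $3 = key file  $4 = key password
  a=$(pub_of "$1" "$2") && b=$(pub_of key "$3" "$4") && [ -n "$a" ] && [ "$a" = "$b" ]
}

# Succeed only if the PEM backup stores the private key encrypted.
key_is_encrypted() {
  grep -Eq 'BEGIN ENCRYPTED PRIVATE KEY|Proc-Type: 4,ENCRYPTED' "$1"
}

# Constructed sample material: $1 = scratch directory, $2 = backup password.
make_samples() {
  # Encrypted RSA key (the backup) and the self-signed certificate made from it.
  openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
    -aes-256-cbc -pass "pass:$2" -out "$1/proxy.key" 2>/dev/null
  openssl req -x509 -new -key "$1/proxy.key" -passin "pass:$2" \
    -subj "/CN=app.example.test" -days 1 -out "$1/self.pem"
  # CSR from the same key; a throwaway CA stands in for the real one.
  openssl req -new -key "$1/proxy.key" -passin "pass:$2" \
    -subj "/CN=app.example.test" -out "$1/proxy.csr"
  openssl req -x509 -newkey rsa:2048 -nodes -keyout "$1/ca.key" \
    -subj "/CN=Constructed Test CA" -days 1 -out "$1/ca.pem" 2>/dev/null
  openssl x509 -req -in "$1/proxy.csr" -CA "$1/ca.pem" -CAkey "$1/ca.key" \
    -set_serial 1 -days 1 -out "$1/signed.pem" 2>/dev/null
}

d=$(mktemp -d); trap 'rm -rf "$d"' EXIT
make_samples "$d" constructed-pass
key_is_encrypted "$d/proxy.key" && echo "backup key is encrypted"
matches_key csr  "$d/proxy.csr"  "$d/proxy.key" constructed-pass && echo "CSR was built from the backed-up key"
matches_key cert "$d/signed.pem" "$d/proxy.key" constructed-pass && echo "CA-signed certificate matches the backed-up key"
```

A certificate that fails `matches_key` was issued for a different key pair and should not be imported with this backup.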
You can also simply use the generated self-signed certificate and key, but this might be undesirable because clients do not trust it by default, which requires action from the end users.
For detailed information about the basic steps for configuring SSL, see the Management Console online help or the SteelHead Management Console User’s Guide.
The no command option disables SSL module support.
Example
amnesiac (config) # protocol ssl enable
Product
SteelHead CX, SteelHead EX, SteelHead-v, SteelHead-c
Related Commands
show protocol ssl