• Enable SSL in policies—You can enable TLS in your endpoint policies. For details, see About policy settings for HTTPS/TLS.

• Create SSL peering relationships—You can create peering relationships between the controllers and the SteelHeads in your network. You must have a trusted peer relationship to create these clusters. For details about controller clusters, see To configure TLS peering.

• View certificate detail—You can view the current controller certificate details. For details, see To view signing CA details.

• Add chain certificates—If your organization uses internal CAs to sign its TLS server certificates, you must import each of the certificates (in the chain) onto the controller. For details, see To add a chain certificate.

• View certificates in Privacy Enhanced Mail (PEM) format—You can view the certificate in Privacy Enhanced Mail (PEM) format. For details, see To view a CA in PEM format.

• Replace (import) certificates—By default, the controller ships with a default peer certificate. We recommend that you replace the default peer certificate with a certificate with a matching common name and security parameters (key length). For details, see To replace a SteelHead Mobile signing CA.

• Export certificates—You can export the signing CA of the controller to the peer SteelHead and then import it to establish the peer relationship. For details, see To export an existing certificate.

• Generate certificate signing requests (CSR)—You can generate a CSR for the current private key. For details, see To generate a CSR.