After initial SSL server configuration, you can modify server certificate settings under Optimization > SSL Main Settings. You can remove a server certificate, view the server certificate details, change the server certificate and private key, export a certificate, or generate a CSR.

To remove a server certificate, under Bypassed SSL Servers, select the certificate name you want to remove and click Remove Selected.

To change an SSL server certificate, under SSL Server Certificates, select the certificate name, and click Modify. These configuration options are available:

Displays the controls to rename the certificate:

Name specifies the new certificate name.

Change changes the certificate name.

Indicates the existing private key and CA-signed certificate are located in one file. The page expands displaying Private Key and CA-Signed Public Certificate controls for browsing to the key and certificate files or a text box for copying and pasting the key and certificate.

The private key is required regardless of whether you are adding or updating.

Local File browses to the local file.

Text pastes the content of the file.

Decryption Password specifies the password used to decrypt, if necessary.

Change changes the settings.

Indicates the existing private key and CA-signed certificate are located in two files. The page expands displaying Private Key and CA-Signed Public Certificate controls for browsing to the key and certificate files or text boxes for copying and pasting the keys and certificates. A private key is optional for existing server configurations.

Private Key Local File browses to the local file containing the private key.

Private Key Text pastes the private key text.

Local File browses to the local file.

Cert Text pastes the content of the certificate text file.

Decryption Password specifies the password used to decrypt, if necessary.

Change hanges the settings.

Generates a new private key and self-signed public certificate.

Cipher Bits specifies the key length from the drop-down list. The default value is 2048.

Common Name specifies the domain name of the server.

Organization Name specifies the organization name (for example, the company).

Organization Unit Name specifies the organization unit name (for example, the section or department).

Locality specifies the city.

State (no abbreviations) specifies the state.

Country (2-letter code) specifies the country (two-letter code only).

Email Address specifies the email address of the contact person.

Validity Period (Days) specifies how many days the certificate is valid.

Change changes the settings.

To export an SSL server certificate, under SSL Server Certificates, select the certificate name. To export an existing certificate, and click Export. (This option is unavailable if global exporting of SSL server certificates and private keys is disabled from the SSL Main Settings page.) These configuration options are available:

Include Private Key includes the private key in the export.

Password/Password Confirm specifies and confirms the encrypted password if you are including the private key (required if including the key). The password must be at least four characters.

Export exports the SteelHead peering certificate and key.

To generate a Certificate Signing Request (CSR) for an existing SSL server off the current private key, under SSL Server Certificates, select the certificate name, and click Generate CSR. These configuration options are available:

Common Name (required) specifies the common name (hostname) of the peer.

Organization Name specifies the organization name (for example, the company).

Organization Unit Name specifies the organization unit name (for example, the section or department).

Locality specifies the city.

State specifies the state. Do not abbreviate.

Country (2-letter code) specifies the country (two-letter code only).

Email Address specifies the email address of the contact person.

Generate CSR generates the Certificate Signing Request.

To add a chain certificate, under SSL Server Certificates, select the certificate name, and click Chain. These configuration options are available:

Add a New Chain Certificate displays the controls to add a chain certificate.

Use Existing CA uses an existing certificate authority, and then specifies the certificate authority from the drop-down list.

Use New Certificate(s) PEM or DER formats uses a new certificate.

Optional Local Name specifies a local name for the certificate.

Local File browses to the local file.

Cert Text pastes the contents of the certificate text file into the text box.