Configuring SSL for Mobile Controllers : Configuring SSL Bulk Import and Export
  
Configuring SSL Bulk Import and Export
You configure SSL bulk import and export settings in the Configure > SSL > Advanced Settings page.
If you use self-signed peering certificates and have multiple Mobile Controllers (including multiple server-side appliances), you can use the bulk import feature to avoid configuring each peering trust relationship between the pairs of Mobile Controllers.
The bulk data that you import contains the serial number of the exporting Mobile Controller. The Mobile Controller importing the data compares its own serial number with the serial number contained in the bulk data.
The following rules apply to bulk data when importing and exporting the data:
•  Peering Certificate and Key Data - If the serial numbers match, the Mobile Controller importing the bulk data overwrites its existing peering certificates and keys with that bulk data. If the serial numbers do not match, the Mobile Controller importing the bulk data does not overwrite its peering certificate and key.
•  Certificate Authority, Peering Trust, and SSL Server Configuration Data - For all other configuration data, such as certificate authorities, peering trusts, and server configurations (if included), if there is a conflict, the imported configuration data takes precedence (that is, the imported configuration data overwrites any existing configurations).
Note: Bulk data importing operations do not delete configurations; they can only add or overwrite them.
Bulk importing does not require a service restart.
To perform bulk import operations
1. Choose Configure > SSL > Advanced Settings to display the Advanced Settings page.
Figure: Advanced Settings Page
2. Under Bulk Import, complete the configuration as described in this table.
Control
Description
Upload File
Browse to the previously exported bulk file that contains the certificates and keys.
Password to Decrypt
Specify the password used to decrypt the file.
Import Signing Certificate and Key
Import the signing certificate and private key.
Allow import of Signing Certificate and Key from a different Mobile Controller
Import the signing certificate and key from a different Mobile Controller.
Import
Imports your SSL configuration, keys, and certificates, so that all the Mobile Controllers trust one another as peers.
3. Click Save to save your settings permanently.
To perform bulk export operations
1. Select one Mobile Controller (A) and trust all the Mobile Controllers peering certificates. Make sure that you include the peering certificate for Mobile Controller A. For details on configuring trusted peers, see Basic Steps for Configuring SSL Proxy Support.
2. Choose Configure > SSL > Advanced Settings to display the Advanced Settings page.
3. Under Bulk Export, complete the configuration as described in this table.
Control
Description
Password
Specify and confirm the password used for the export file.
Export
Exports your SSL configuration and optionally your server private keys and certificates.
4. Click Save to save your settings permanently.