Configuring SSL Certificate Authorities
You add SSL certificate authorities (CA) in the Configure > SSL > Certificate Authorities page.
A CA is a third-party entity in a network that issues digital certificates and manages security credentials and public keys for message encryption. A CA issues a public key certificate that states the CA attests that the public key contained in the certificate belongs to the person, organization, server, or other entity noted in the certificate. The CA verifies applicant credentials, so that relying parties can trust the information in the CA certificates. If you trust the CA and can verify the CA signature, you can also verify that a certain public key does indeed belong to whomever is identified in the certificate.
Note: With the Client Authorization Certification (CAC) feature (Release 4.6 and later), clients can be certified using a variety of authentication certificates, depending on the browser or application they are using to connect to the SSL server.
Each certificate can serve a specific function, such as Key Exchange or Signature. For the Mobile Controller to successfully optimize traffic, the recommended certificate function is Key Exchange.
However, based on the inherent Windows-based cryptography settings (the Cryptographic Service Provider [CSP] installed on the Windows client) the certificate with the Signature function can also be used for authentication. Thus, the Mobile Controller can successfully optimize traffic with the Signature authorization certificate. This optimization is controlled by the host machine and the host machine settings.
Note: Before adding a CA, it is critical to verify that it is genuine; a malicious CA can compromise network security by signing fake certificates.
To add SSL certificate authorities
1. Choose Configure > SSL > Certificate Authorities to display the Certificate Authorities page.
Figure: Certificate Authorities Page
2. Under Certificate Authorities, complete the configuration as described in this table.
Control | Description |
Add a New Certificate Authority | Optional Local Name (ignored if importing multiple certificates) - Specify the local name. |
Local File - Browse to the local certificate authority file. |
Cert Text - Paste the certificate authority into the text box and click Add. |
Add | Adds the certificate authority. |
Remove Selected | Select the check box next to the name and click Remove Selected. |
3. Click Save to save the settings permanently.
Note: Select the Certificate Authority name to display details.