ACE XML SSL termination

Unanswered Question
Aug 19th, 2009
User Badges:


I have a problem found any guide, which describes SSL termination on ACE Web Application Firewall.

I have terminated outside connection on ACE, then load-balance two WAF. I need terminate SSL after ACE, on WAF.

Can anybody redirect me to any 'howto'? Cisco doc is not clear for me.


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
sachinga.hcl Thu, 08/20/2009 - 03:02
User Badges:
  • Silver, 250 points or more

Hi MArtin,

Kindly find some links , might be they useful for you:

1. Configure ACE with SSL Termination and URL Rewrite

2. SSL Termination on the Cisco Application Control Engine Without an Existing Chained Certificate and Key in Routed Mode Configuration Example

3. Cisco Application Control Engine (ACE) Module Troubleshooting Guide, Release A2(x) -- Troubleshooting SSL,_Release_A2(x)_--_Troubleshooting_SSL

Sachin garg

Martin Kyrc Thu, 08/20/2009 - 12:34
User Badges:

Hello Sachin,

all this links shows SSL termination on ACE module/appliance. I have no problem with this. I will terminate SSL on 'ACE Web Application Firewall (WAF)' (ACE XML Gateway). I found some design guides and there was described three designs:

1. SSL terminated on ACE module, over WAF clear HTTP

2. SSL through ACE module, SSL terminated on WAF, after WAF clear HTTP

3. SSL over ACE, SSL terminated on WAF and next SSL to server

I need configure design 2.

Reason: I have two context placed on different network location (for example two DMZs) for incomming HTTPS traffic. From both contexts is connection directed to same WAF. It's clear for me terminate SSL on one place (WAF), as on two places (two contexts).



This Discussion