ACE Question- Using ACE for Verisign Certificate

Unanswered Question
Oct 12th, 2009

We currently have 2 ACE modules running in a FT group. There are currenly 3 contexts built and all 3 contexts have the their certs loaded on the servers. I now have a request for a 4th context but in this context they want the certifiacte loaded on the ACE. My questions are:

1) Will this affect the other contexts?

2) How do I handle this in an active/ standby configuration?

3) which is the better way to handle certificates, on the ACE or on the server?

Thanks in advance for any help.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Martin Kyrc Fri, 10/16/2009 - 03:52

1) no. new context is new virtual instance, without application impact to other context (there are some network dependencies routed vs bridged mode if you used it)

2) Do you mean how to configure SSL termination on ACE in active/standby model? You need configure parts of network configuration as active/standby. You must import SSL cert with private keys to both modules/appliances (the same private keys and ssl cert of course). All other configuration is the same (and synced between modules/appliances).

3) ACE has HW acceleration for SSL operation. Servers without SSL can save lot of CPU time. It's better handle SSL termination on ACE.

It's clear now?

martin

Actions

This Discussion