ACE SSL offload - Existing Certificate (Export and import to ACE)

Unanswered Question
Nov 9th, 2009

Goodday all,

Our customer has migrated from CSM to ACE and would now like to test and imlement SSL offloading. We will test both options (SSL server only plus End-to-End SSL).

My question is around the following:

Customer would like to export existing certificates, keys, etc from servers (have one cert installed on many servers) and have us import these onto the ACE. The servers are however IIS server's and I don't think the ACE supports pfx formats.

So, can these be utilised if they are exported and then converted with something like open ssl or key tools?

Also, would I be correct in assuming we would also need to install and configure intermediate and Root certificates in a chain group?

Any guidance and assitance would be appreciated.



I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Gilles Dufour Tue, 11/10/2009 - 00:55

Paul, you can use openssl to extract pem formatted key and cert and import them into your ACE.

You may need to install the intermediate certificate in a chaingroup....ACE does not require it, but client browsers will probably want ACE to send them.


Paul Pinto Tue, 11/10/2009 - 01:07

Thanks for the response Gilles,

Have bit of a challenge regarding openssl (it's not available) at the client. Found an app called portecle, java based, and it seems this may do the job. Will try and let you know.



This Discussion