Can ACE produce a self signed certificate?

Unanswered Question
May 13th, 2010

Hi people,

I have used ACE to create a CSR, then sent it to Verisign and installed the signed certificate on ACE so that it acts as ssl-proxy termination.

But now I want to know if it's possible for ACE to create a self-signed certificate (instead of sending it to Verisign to sign it).

Can this be done?



sachinga.hcl Fri, 05/14/2010 - 13:47

Hi George,

As far as I know, there is no option to sign your certificates from ACE. You'll have to create keys and certificates on a separate device using openssl and then import them into the ACE module.
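An added example (not part of the original post) of the off-box step described above: generate a key and self-signed certificate with OpenSSL, then check the pair before importing it. The hostname, lifetime and file names are assumptions.

```shell
#!/bin/sh
# Added example: build a self-signed key/cert pair with OpenSSL for import into
# an SSL-terminating device. CN, lifetime and file names are assumptions.
set -eu

CN="${CN:-vip.example.test}"   # assumed hostname clients connect to
DAYS="${DAYS:-365}"            # assumed certificate lifetime
OUT="${OUT:-$(mktemp -d)}"     # output directory

make_selfsigned() {
    # 2048-bit RSA key (unencrypted PEM) and an X.509 cert signed by that same key.
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days "$DAYS" \
        -subj "/CN=$CN" \
        -keyout "$OUT/selfsigned-key.pem" -out "$OUT/selfsigned-cert.pem" 2>/dev/null
    chmod 600 "$OUT/selfsigned-key.pem"
}

key_matches_cert() {
    # The public key derived from the private key must equal the one in the cert.
    k=$(openssl pkey -in "$OUT/selfsigned-key.pem" -pubout | openssl sha256)
    c=$(openssl x509 -in "$OUT/selfsigned-cert.pem" -noout -pubkey | openssl sha256)
    [ "$k" = "$c" ]
}

is_self_signed() {
    # Issuer equals subject, and the cert verifies with itself as the trust anchor.
    s=$(openssl x509 -in "$OUT/selfsigned-cert.pem" -noout -subject | sed 's/^subject= *//')
    i=$(openssl x509 -in "$OUT/selfsigned-cert.pem" -noout -issuer | sed 's/^issuer= *//')
    [ "$s" = "$i" ] &&
        openssl verify -CAfile "$OUT/selfsigned-cert.pem" "$OUT/selfsigned-cert.pem" >/dev/null 2>&1
}

fingerprint() {
    # SHA-256 fingerprint to give clients out of band: with no CA vouching for
    # the cert, they can authenticate the server only by pinning this value.
    openssl x509 -in "$OUT/selfsigned-cert.pem" -noout -fingerprint -sha256 | cut -d= -f2
}

make_selfsigned
key_matches_cert || { echo "key and certificate do not match" >&2; exit 1; }
is_self_signed   || { echo "certificate is not self-signed" >&2; exit 1; }
echo "files in $OUT; SHA-256 fingerprint: $(fingerprint)"
```

The private key is written unencrypted, so keep the output directory restricted and delete the local copy once the pair has been imported.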

axfalk Mon, 09/13/2010 - 15:01

We've just upgraded our ACEs to A2(3.2) and it looks like this version has a self-signed cert. Is this legit, similar to the one available on BigIP?


Gilles Dufour Tue, 09/14/2010 - 04:22

The purpose of a certificate is not just to encrypt data.

It is also to authenticate the server - guarantee that you are indeed communicating with the correct server.

A self-signed certificate will achieve part 1 (encryption) but not guarantee part 2.

Only Certificate Authorities like Verisign can get you a certificate to achieve part 2.

Therefore a self-signed certificate is never legitimate!!! Even the BigIP is not a legitimate certificate.

But you can achieve encryption using it.


Gilles Dufour Wed, 09/15/2010 - 01:04

You can't sign a certificate from ACE.

All you get is a sample key/cert.

Do a 'show crypto files' to find them:

cisco-sample-cert                        1082  PEM     Yes        CERT
cisco-sample-key                         887   PEM     Yes         KEY


