05-13-2010 03:25 AM
Hi people,
I have used ace to create a csr and then send it to verisign and install the signed certificate on ACE so that it acts as ssl-proxy termination.
But now I want to know if it's possible for ACE to create a self signed certificate. (instead of sending it to verisign to sign it).
Can this be done?
thanks,
george
05-14-2010 01:47 PM
HI George,
As far as I know, there is no option to signed your certificates from ACE. You'll have to create keys and certificates on a separate device using openssl and then import them into the ACE module.
09-13-2010 03:01 PM
We've just upgrade our ACE's to A2(3.2) and it looks like this version has a self sigbed cert. Is this legit, similar to the one available on BigIP?
Thanks..
09-14-2010 04:22 AM
The purpose of a certificate is not just to encrypt data.
It is also to authenticate the server - guarantee that you are indeed communicating with the correct server.
A self-signed certificate will achieve part 1 (encryption) bot not guarantee part 2.
Only Certificate Authorities like Verisign can get you a certificate to achieve part2.
Therefore a self-signed certificate is never legitimate !!! Even the BipIP is not a legitimate certificate.
But you can achieve encryption using it.
Gilles.
09-14-2010 12:33 PM
09-15-2010 01:04 AM
you can't sign certificate from ACE.
All you get a sample key/cert.
Do a 'show crypto files' to find them
cisco-sample-cert 1082 PEM Yes CERT
cisco-sample-key 887 PEM Yes KEY
Gilles.
09-15-2010 06:13 AM
I must have mis-understood the previous post. If all there is, is a sample key/cert, then this does me no good. It would be more convenient to sign the cert/key within ACE then have to go to a Linux server for this action.
Regards,
John...
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: