Can ACE produce a self signed certificate?

g.eleftheriou
Level 1

Hi people,

I have used ace to create a csr and then send it to verisign and install the signed certificate on ACE so that it acts as ssl-proxy termination.

But now I want to know if it's possible for ACE to create a self signed certificate. (instead of sending it to verisign to sign it).

Can this be done?

thanks,

george

6 Replies

sachinga.hcl
Level 4

Hi George,

As far as I know, there is no option to sign your certificates from ACE. You'll have to create keys and certificates on a separate device using openssl and then import them into the ACE module.

http://docwiki.cisco.com/wiki/SSL_Termination_on_the_Cisco_Application_Control_Engine_Without_an_Existing_Chained_Certificate_and_Key_in_Routed_Mode_Configuration_Example#Using_OpenSSL_to_Generate_a_Self_Signed_Certificate

We've just upgraded our ACEs to A2(3.2) and it looks like this version has a self-signed cert. Is this legit, similar to the one available on BigIP?

Thanks..

The purpose of a certificate is not just to encrypt data.

It is also to authenticate the server - guarantee that you are indeed communicating with the correct server.

A self-signed certificate will achieve part 1 (encryption) but not guarantee part 2.

Only Certificate Authorities like Verisign can get you a certificate to achieve part 2.

Therefore a self-signed certificate is never legitimate!!! Even the BigIP one is not a legitimate certificate.

But you can achieve encryption using it.

Gilles.
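The two replies above fit together in one off-box procedure: generate the key and certificate with openssl (as sachinga suggests), and then observe why Gilles calls the result "encryption but not authentication". The script below is an added example, not code from this thread, from Cisco, or from the docwiki link; it assumes openssl is installed, uses a constructed hostname (vip.example.test) and a temporary working directory, and stops at the files you would import into ACE.

```shell
#!/bin/sh
# Added example (not from the thread): build a key, a CSR and a self-signed
# certificate with openssl, then show that a client with no trust anchor for
# that certificate cannot verify it. Hostname and directory are assumptions.
set -e

WORKDIR="${WORKDIR:-$(mktemp -d)}"
HOST="${HOST:-vip.example.test}"   # constructed hostname for illustration only

# Generate a 2048-bit RSA key and a CSR. The CSR is what you would send to a
# public CA such as Verisign; the key never leaves the box that created it.
gen_key_and_csr() {
  openssl req -new -newkey rsa:2048 -nodes -sha256 \
    -keyout "$WORKDIR/$HOST.key" \
    -out "$WORKDIR/$HOST.csr" \
    -subj "/CN=$HOST" 2>/dev/null
}

# Sign the CSR with its own key: the resulting certificate has issuer == subject.
self_sign() {
  openssl x509 -req -days 365 -sha256 \
    -in "$WORKDIR/$HOST.csr" \
    -signkey "$WORKDIR/$HOST.key" \
    -out "$WORKDIR/$HOST.crt" 2>/dev/null
}

# Returns 0 when the certificate is self-signed (issuer matches subject).
is_self_signed() {
  issuer=$(openssl x509 -in "$WORKDIR/$HOST.crt" -noout -issuer)
  subject=$(openssl x509 -in "$WORKDIR/$HOST.crt" -noout -subject)
  [ "${issuer#issuer=}" = "${subject#subject=}" ]
}

# Verification against the default trust store fails: nothing vouches for the
# server identity, which is the "part 2" a self-signed certificate cannot give.
verify_untrusted() {
  openssl verify "$WORKDIR/$HOST.crt" >/dev/null 2>&1
}

# Verification succeeds only when the client is told to trust exactly this
# certificate, i.e. the trust decision is moved onto every client.
verify_pinned() {
  openssl verify -CAfile "$WORKDIR/$HOST.crt" "$WORKDIR/$HOST.crt" >/dev/null 2>&1
}

gen_key_and_csr
self_sign
echo "files for import into ACE: $WORKDIR/$HOST.key $WORKDIR/$HOST.crt"
if is_self_signed; then echo "issuer == subject: certificate is self-signed"; fi
if verify_untrusted; then
  echo "unexpected: verified without a trust anchor"
else
  echo "verify with default trust store: rejected (expected for self-signed)"
fi
if verify_pinned; then echo "verify with the certificate pinned as CA: ok"; fi
```

The `.key` and `.crt` files are the pair you would import into the ACE module; the `.csr` is kept so the same key can later be submitted to a public CA if the self-signed certificate is only a stop-gap. Any browser or client that must accept the self-signed certificate has to be given it as a trust anchor explicitly (the `-CAfile` step), which is why it provides encryption but not the server authentication a CA-issued certificate gives.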

axfalk,

Could you please post the syntax on how to self sign a cert in ACE?

Regards,

John...

You can't sign a certificate from ACE.

All you get is a sample key/cert.

Do a 'show crypto files' to find them

cisco-sample-cert                        1082  PEM     Yes        CERT
cisco-sample-key                         887   PEM     Yes         KEY

Gilles.

I must have misunderstood the previous post. If all there is, is a sample key/cert, then this does me no good. It would be more convenient to sign the cert/key within ACE than to have to go to a Linux server for this action.

Regards,

John...