Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

ACE Question- Using ACE for Verisign Certificate

We currently have 2 ACE modules running in a FT group. There are currenly 3 contexts built and all 3 contexts have the their certs loaded on the servers. I now have a request for a 4th context but in this context they want the certifiacte loaded on the ACE. My questions are:

1) Will this affect the other contexts?

2) How do I handle this in an active/ standby configuration?

3) which is the better way to handle certificates, on the ACE or on the server?

Thanks in advance for any help.

1 REPLY
New Member

Re: ACE Question- Using ACE for Verisign Certificate

1) no. new context is new virtual instance, without application impact to other context (there are some network dependencies routed vs bridged mode if you used it)

2) Do you mean how to configure SSL termination on ACE in active/standby model? You need configure parts of network configuration as active/standby. You must import SSL cert with private keys to both modules/appliances (the same private keys and ssl cert of course). All other configuration is the same (and synced between modules/appliances).

3) ACE has HW acceleration for SSL operation. Servers without SSL can save lot of CPU time. It's better handle SSL termination on ACE.

It's clear now?

martin

186
Views
0
Helpful
1
Replies