Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
Community Member

ACE SSL offload - Existing Certificate (Export and import to ACE)

Goodday all,

Our customer has migrated from CSM to ACE and would now like to test and imlement SSL offloading. We will test both options (SSL server only plus End-to-End SSL).

My question is around the following:

Customer would like to export existing certificates, keys, etc from servers (have one cert installed on many servers) and have us import these onto the ACE. The servers are however IIS server's and I don't think the ACE supports pfx formats.

So, can these be utilised if they are exported and then converted with something like open ssl or key tools?

Also, would I be correct in assuming we would also need to install and configure intermediate and Root certificates in a chain group?

Any guidance and assitance would be appreciated.



Cisco Employee

Re: ACE SSL offload - Existing Certificate (Export and import to

Paul, you can use openssl to extract pem formatted key and cert and import them into your ACE.

You may need to install the intermediate certificate in a chaingroup....ACE does not require it, but client browsers will probably want ACE to send them.


Community Member

Re: ACE SSL offload - Existing Certificate (Export and import to

Thanks for the response Gilles,

Have bit of a challenge regarding openssl (it's not available) at the client. Found an app called portecle, java based, and it seems this may do the job. Will try and let you know.


CriarFaça o para criar o conteúdo