Cisco 11000 Series Secure Content Accelerator Configuration Guide

• Use 443 (generally used for SSL transactions) as the SSL TCP service port
and 443 as the clear text port. Configure the server to not use SSL and to
monitor port 443. TCP service port 80 requests are serviced normally.
• Use 443 as the SSL TCP service port and 81 (or another unused port) for the
clear text port. Configure the server to monitor port 81. TCP service port 80
requests are serviced normally.

All data sent on any other port is passed through transparently in both directions.

Before You Begin

Before configuring the SSL appliance you must have a certificate and keys for the
server. You can use the files you received from the Certificate Authority, copy the
keys and certificate from an existing secure server, use default keys and
certificates preloaded in the device, or generate your own keys and certificates.

Additionally, be aware that you must make several changes to your Web pages.
The nature of the changes depends upon whether you are securing a previously
unsecured site, or adding the SSL appliance to an already secure server
installation. These changes are described in section "Web Site Changes" in
Appendix B.

Using Existing Keys and Certificates

If you already have a secure server, you can transfer the keys and certificate to the
Secure Content Accelerator. Follow the instructions below, or refer to the Web
server software documentation for detailed information.

Note
Key and certificate file names cannot contain spaces and must be
compatible with the server operating system. When prompted either
to name a key or certificate file or check the name of a key or
certificate file, please ensure the names follow these conventions.

Appendix F
SSL Introduction
78-13124-05