ACE Load Balancer SSL Certificate Part II: Install the SSL Certificate


ACE Load Balancer SSL Certificate Part II: Install the SSL Certificate


Once you´ve obtained an actual certificate from one of the Certificate Authorities, such as VeriSign or Thawte you may proceed to the certificate implementation.

As you may see on the picture below, the SSL certificate in this architecture ends on the ACE Load Balancer, therefore saving you the time and money needed to implement the certificate on each of the balanced Servers within the Server Farm behind the ACE Load Balancer.


The next step is performed on the Load Balancer, and it consists of identifying the KEY created and described in the first part of this guide. Once the right KEY is identified we need to EXPORT it and save it temporarily (I tend to simply paste it into the advanced hard-to-use Windows feature called "The Notepad").

LB_Active# crypto export CSRPPPREVOLRSAKEY.PEM

Within the same notepad file we should then paste the CERTIFICATE, so that it looks something like this:


-----BEGIN RSA PRIVATE KEY-----
MIIEowIBAAKCAQEAsXfx5rMSu+BM6XuE/ewBuhEa9fN57r7hpOmYL5lON5uguR+t
6F9l9h0TKGAF27q2szy/GIvpSvOWCPhEZ1SUB9SAfBpeZM47dCCqyC91GnKTXiVh
5w3YPK2A/WJur3DeHkzI4/4J8joe6G8PJAEgsmVJ6mclQU6EQ5HZhEZ1bQdMaBlY
LKRpRBvcZlIsYcw3mMDM9+9fVZNk3Ew8NA5iwZnjkyyxyJCnumXyxdfXEEK8024n
HVPbwtOMDT6KS4WMrIOZ8xelgHyfig7voqx0gjTffN81kFlAtxMTiuTme4d+OZ/O
K7luaT2arBffM66CGJZOi9fFUj3rSJHblnMZrQIDAQABAoIBAQCOaiLFb47pFeai
t2zSGEKKfo+UL/75iFSrcomeKPiLx2gDJ1j30RaRmmN1Uxlga0WSMH1pxV1BuJf+
Or0p7sWcQvuYm9CENLuhRVXHr83Zm3iHZJhcQs/0YYfRztvkDj8xMY1E6OgyalHD
VNxhmEYU4xOd94f+EHQzhSd47tHs20gP3vWnqFUg6jPQZkxsNVDkOLci13d0aayv
rXbKzFrM1+6FzAzg76Z+omLRD6f5fLOh8/d3UQele6bTYJjZhoYGtQFxWYxavG+M
EhSUyxDu9XohTzIlGKKqBdwkhPWiUB/KStG7VOPwqhdyGdIsd3a/OctmvyCffZtP
KjumtZIBAoGBAN8tCRAS/nOigK4Al2PAftk1ZamqMYjwnKOEQaNnKa2NGjoG4rX+
YJnM4P5shJGPZOQF0T2UwCcNNVvuaVh96B37IscVbancEHXWahzz4hm3ZheMuZnF
y5EQ9xPHTrqsGDHH3c+Wq0MKv5Cs/ttTImXz+5MLUQzaL4wN9lg95xR1AoGBAMuR
8kUbwsqsR4Mo7pdRdtD8HWZN53RcPEyNa1+YJs2JnGxr1qBezfbOFuY8Q1bnkii3
nPG78ChVVsmht54Wq/+lVKJkWOscPbHgfwv4jAVOZegl/wo1MzoIgu4Iva+hTN1B
V1CQCeOwqwQEnwe9m+eKKSC/K6PWOYtTgL8ntWlZAoGAVd9dSlsUn2favZkqp05N
QMSkDomXL8rtapmcLASo68eMXOGDYGW1w9gqhps4001qk7aNUXWoDh6t9mahEFS5
+LdGJXZgUOiFSOIsyGErEZwY41zZmYqbDoGJoImjCH7pfFYcSiD+WviKx19ZXQj7
BmG/3k+PazOU8f35WPDQtnUCgYBoIbwARfcanY3nNeT2WqGgvZZ8YpVnHFdsAVtP
hxEySpZNj8w2NMi+2yUzmNgJeGN3mJUbwrtSpnTCp4q5v3c0SmpEt3gUrFmSx/e1
M+rMPBI88lLH8fbGVNxEzwvY73XWKDp153hnlFOmtoZy+zbo9e+b5K56HHdLIefV
4IYX4QKBgCmbunIgF80jh8KjeTH6fSt46LZqgJTB5DpxCuxKfU52L/3ZEPfDmOxb
7/+GSZA76C7igjbpYl5g47pGf3aMEFHz2T4VfUmWTJ9OCIzYrBRlAxzMJQVIJpPu
Rj5n/iyg4kwUKCgBcQVIRho9PRYmqsqQqC3/xXhSfc6Pcjhw3Q2R
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
MIIFUzCCBDugAwIBAgIQEQb+49tSPm7wc6cPDoitLTANBgkqhkiG9w0BAQUFADCB
tTELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL
ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTswOQYDVQQLEzJUZXJtcyBvZiB1c2Ug
YXQgaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JwYSAoYykxMDEvMC0GA1UEAxMm
VmVyaVNpZ24gQ2xhc3MgMyBTZWN1cmUgU2VydmVyIENBIC0gRzMwHhcNMTIwNzE4
MDAwMDAwWhcNMTQwNzE5MjM1OTU5WjCBjDELMAkGA1UEBhMCRlIxDjAMBgNVBAgT
BVBBUklTMQ4wDAYDVQQHFAVQQVJJUzEkMCIGA1UEChQbR0lFIEFYQSBURUNITk9M
T0dZIFNFUlZJQ0VTMRgwFgYDVQQLFA9TRVJWSUNFIENPTlRST0wxHTAbBgNVBAMU
FHByZXZvbC5heGEtaXRhbGlhLml0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
CgKCAQEAsXfx5rMSu+BM6XuE/ewBuhEa9fN57r7hpOmYL5lON5uguR+t6F9l9h0T
KGAF27q2szy/GIvpSvOWCPhEZ1SUB9SAfBpeZM47dCCqyC91GnKTXiVh5w3YPK2A
/WJur3DeHkzI4/4J8joe6G8PJAEgsmVJ6mclQU6EQ5HZhEZ1bQdMaBlYLKRpRBvc
ZlIsYcw3mMDM9+9fVZNk3Ew8NA5iwZnjkyyxyJCnumXyxdfXEEK8024nHVPbwtOM
DT6KS4WMrIOZ8xelgHyfig7voqx0gjTffN81kFlAtxMTiuTme4d+OZ/OK7luaT2a
rBffM66CGJZOi9fFUj3rSJHblnMZrQIDAQABo4IBhDCCAYAwHwYDVR0RBBgwFoIU
cHJldm9sLmF4YS1pdGFsaWEuaXQwCQYDVR0TBAIwADAOBgNVHQ8BAf8EBAMCBaAw
RQYDVR0fBD4wPDA6oDigNoY0aHR0cDovL1NWUlNlY3VyZS1HMy1jcmwudmVyaXNp
Z24uY29tL1NWUlNlY3VyZUczLmNybDBDBgNVHSAEPDA6MDgGCmCGSAGG+EUBBzYw
KjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL2NwczAdBgNV
HSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwHwYDVR0jBBgwFoAUDURcFlNEwYJ+
HSCrJfQBY9i+eaUwdgYIKwYBBQUHAQEEajBoMCQGCCsGAQUFBzABhhhodHRwOi8v
b2NzcC52ZXJpc2lnbi5jb20wQAYIKwYBBQUHMAKGNGh0dHA6Ly9TVlJTZWN1cmUt
RzMtYWlhLnZlcmlzaWduLmNvbS9TVlJTZWN1cmVHMy5jZXIwDQYJKoZIhvcNAQEF
BQADggEBAHtvROLZir+tNcJbX2q+zI+thJxqXqIX00DV8K7gHCjwqhon+jxRdj8Y
OiybDWHb32Ov5ZwyTVpRUkw64QSrhvpVtjI+q5pil4iE0QA2AtK/G8x3M8gFIaYW
pBBTE7loXfEk6hxVBXcrG13VT0vE60TLyFDvGrFPLAkVx9DhX36HM/gbmgBASEcN
CjE7a+g6eW4CT2fNkPkoE+uV4A4+7DVL7Q8W+ftGvrh6302d06Fkt8N3Ma8rsv0V
vqRzKyeVm6XWu1A+DOCNdUk3Fhpd82twDwfRwzjMqtbAJsXlYA/soBJDzvv3q5nm
Z/2Tgd4J4uGoqFLG3xlKVsGK/Y2ioZc=
-----END CERTIFICATE-----

Then we paste the entire Notepad file contect into the ACTIVE ACE Load Balancer using the command:

LBA_Active# crypto import terminal cisqueros.blogger.com
Please enter PEM formatted data. End with "quit" on a new line.
*** paste the Notepad Content HERE!!! ***

TIP: You have to import the SSL certificate into BOTH of the ACE Balancers (Active and Standby) before you save the configuration

Check the certificates using the command:

LBA_Active# show crypto certificate cisqueros.blogger.com

If you need to delete the old certificate before or after installing a new one, use the following command:

LBA_Active(config)# crypto delete CERTIFICATE_NAME

No comments:

Post a Comment

Most Popular Posts