Solved

SSL Keys on Cisco ASAs

Posted on 2013-01-28
Last Modified: 2013-03-29
I need to know if the following function is possible on the Cisco ASA. I want to be able to install third-party SSL certificates/keys on the ASA in order to ensure secure (https) connections to respective websites.

Currently the approach we have taken is to install SSL certificates/keys from a third party directly on the server hosting the secure site and then configure the ASA to allow https traffic to that server. What we would like to do is, instead of installing these certificates/keys on the servers directly, install them on the ASA and have it handle the secure connection.

Is this possible? What is it called, so that when I speak to Cisco I am asking for the right thing?

Thanks!!
Question by:dowhatyoudo22
2 Comments
 

Accepted Solution

by:
rauenpc earned 250 total points
ID: 38828595
This would be called SSL Proxy. I don't believe the ASA supports this except for clientless SSL where the ASA will proxy SSL certs between the client and server via the portal. In your case, the ASA probably can't provide the solution. If someone else knows how, I'd love to find out as well.

Most, if not all, load-balancers can handle SSL proxy the way you described. This is partly because it's a nice feature and mostly because it's a requirement to proxy certificates when the end user is being routed/balanced to multiple servers transparently.

Which load-balancer should you choose and how do you configure this magic box? No clue. I have brochure-level knowledge of these, but I do know that in a previous job the load-balancer specialists were doing this all the time because SSL connections were being balanced among dozens of servers in a very high IO datacenter. I was only involved in the routing and switching surrounding this process and never got to see the guts of the load-balancers.

Assisted Solution

by:ryan80
ryan80 earned 250 total points
ID: 38828667
This is not possible, unless there have been changes that I am not aware of. You will need a reverse proxy solution to do this.

Something like Microsoft TMG would fill this role. As has already been pointed out, a load balancer can handle this as well. There are many choices depending on your budget: Linux options that would only be the price of the hardware, F5, Microsoft, Barracuda, KEMP...

I am using TMG in my environment, so all https connections are proxied through the TMG server. The SSL cert is installed on the web server and the TMG server so the traffic is encrypted all the way through.
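
The reverse-proxy arrangement both answers describe, sketched as an added configuration example that is not from either poster. It assumes nginx as one of the Linux options; the hostname, backend address and file paths are placeholders. The third-party certificate and key sit on the proxy, and the proxy re-encrypts to the web server so traffic stays encrypted all the way through.

```nginx
# Added example: TLS handled on a reverse proxy in front of the web server.
# www.example.com, 10.0.0.10 and all file paths are placeholders.
events {}

http {
    # Send plain-HTTP clients to the TLS listener.
    server {
        listen 80;
        server_name www.example.com;
        return 301 https://$host$request_uri;
    }

    server {
        listen 443 ssl;
        server_name www.example.com;

        # The third-party certificate (with chain) and its private key live
        # on the proxy. Keep the key readable by root only.
        ssl_certificate     /etc/nginx/tls/www.example.com.fullchain.pem;
        ssl_certificate_key /etc/nginx/tls/www.example.com.key;
        ssl_protocols       TLSv1.2 TLSv1.3;

        location / {
            # Re-encrypt to the backend so the proxy-to-server hop is not
            # cleartext. Using http:// here instead would offload TLS
            # entirely and expose that hop on the internal network.
            proxy_pass https://10.0.0.10:443;

            # Verify the backend certificate; without these lines nginx
            # accepts any certificate the backend presents.
            proxy_ssl_server_name         on;
            proxy_ssl_name                www.example.com;
            proxy_ssl_verify              on;
            proxy_ssl_verify_depth        2;
            proxy_ssl_trusted_certificate /etc/nginx/tls/backend-ca.pem;

            # Preserve the original host, client address and scheme.
            proxy_set_header Host              $host;
            proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto https;
        }
    }
}
```

With this layout the firewall only needs to allow https to the proxy, and the web server should accept connections on 443 from the proxy's address alone.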
Question has a verified solution.
