SSL decryption appliances
Posted on 2013-12-28
I'm just looking for a high level answer. I read that Blue coat recently acquired Netronome SSL appliances. So basically, network administrators can now see inside an SSL packet that traverses the network.
Within any large organization there is a lot of appliance such as vpn, reverse proxies, web proxes, etc that do SSL encryption/decryption with the clients. If the network folks implement an SSL decryption appliance, that would mean that they would have to get the private key from the other appliances that are currently decrypting the SSL, is that correct? So they would have to go into the cisco ASA and pull the private key for the vpn users. They would have to go to the ISA reverse proxy server and pull the private key that is applied to the reverse proxy instances. Is that correct? Or how else would it usually be deployed?