Installing a proxy certificate in Riverbed for MPLS customers
First, a CSR needs to be generated, according to the region of the MPLS circuit endpoint.
US
- CN:
vault.netvoyage.com
- SAN:
netvoyage.com
beta.vault.netvoyage.com
view.vault.netvoyage.com
betaview.vault.netvoyage.com
api.vault.netvoyage.com
upload.vault.netvoyage.com
ldserver.vault.netvoyage.com
mail.vault.netvoyage.com
smtp.vault.netvoyage.com
UK
- CN:
eu.netdocuments.com
- SAN:
netdocuments.com
eu.netdocuments.com
beta-eu.netdocuments.com
betaeu.netdocuments.com
betavieweu.netdocuments.com
email.eu.netdocuments.com
api.eu.netdocuments.com
ndemail-eu.netdocuments.com
ndmail-eu.netdocuments.com
ndthread-eu.netdocuments.com
origin-api.eu.netdocuments.com
origin-eu.netdocuments.com
origin-ndmail-eu.netdocuments.com
origin-vieweu.netdocuments.com
upload.eu.netdocuments.com
vieweu.netdocuments.com
DE
- CN:
de.netdocuments.com
- SAN:
netdocuments.com
de.netdocuments.com
beta-de.netdocuments.com
mail.de.netdocuments.com
api.de.netdocuments.com
upload.de.netdocuments.com
viewde.netdocuments.com
AU
- CN:
au.netdocuments.com
- SAN:
netdocuments.com
au.netdocuments.com
view.au.netdocuments.com
api.au.netdocuments.com
upload.au.netdocuments.com
ldserver.au.netdocuments.com
email.au.netdocuments.com
mail.au.netdocuments.com
beta.au.netdocuments.com
betaview.au.netdocuments.com
Find more detail on generating a proxy certificate here:
After the CSR has been generated, have it signed by your preferred Certificate Authority.
Next, add the new proxy certificate on the Riverbed through the “Optimization” tab at the top, then click on “SSL Main Settings”
From the SSL Main Settings page, click on “Add a New SSL Certificate”
Once proxy cert is installed and clients have started accessing the service through the Riverbeds, you need to trust each of the remote riverbeds as a SSL peer. This is done here:
Under the “Self Signed Peer Gray List”, the remote riverbeds will begin to appear as traffic is initiated through them, if none appear, then traffic has not traversed the Riverbed to get to the service
We need to trust the peer to establish an SSL secure channel between the Riverbeds so the server side riverbed can transmit the cert information to the client side riverbeds. This allows the client side riverbed to decrypt the traffic, and optimize it, then re-encrypt it with the same cert so the client does not get a cert error.
Once trusted, it moves it to the “Self Signed White List”
For more detail on SSL optimization on SteelHead appliances, please go here: