Installing a proxy certificate in Riverbed for MPLS customers



First, a CSR needs to be generated, according to the region of the MPLS circuit endpoint.


  • CN:



  • SAN:












  • CN:


  • SAN:



  • CN:

  • SAN:



  • CN:


  • SAN:


Find more detail on generating a proxy certificate here:


After the CSR has been generated, have it signed by your preferred Certificate Authority. 


Next, add the new proxy certificate on the Riverbed through the “Optimization” tab at the top, then click on “SSL Main Settings”



From the SSL Main Settings page, click on “Add a New SSL Certificate”






Once proxy cert is installed and clients have started accessing the service through the Riverbeds, you need to trust each of the remote riverbeds as a SSL peer.  This is done here:


Under the “Self Signed Peer Gray List”, the remote riverbeds will begin to appear as traffic is initiated through them, if none appear, then traffic has not traversed the Riverbed to get to the service

We need to trust the peer to establish an SSL secure channel between the Riverbeds so the server side riverbed can transmit the cert information to the client side riverbeds.  This allows the client side riverbed to decrypt the traffic, and optimize it, then re-encrypt it with the same cert so the client does not get a cert error. 




Once trusted, it moves it to the “Self Signed White List”




For more detail on SSL optimization on SteelHead appliances, please go here:



Back to Top

Was this article helpful?
0 out of 0 found this helpful
Powered by Zendesk