Installing a proxy certificate in Riverbed for MPLS customers


First, generate a CSR using the CN and SAN values for the region of the MPLS circuit endpoint.

US

  • CN: vault.netvoyage.com

  • SAN:
      netvoyage.com
      beta.vault.netvoyage.com
      view.vault.netvoyage.com
      betaview.vault.netvoyage.com
      api.vault.netvoyage.com
      upload.vault.netvoyage.com
      ldserver.vault.netvoyage.com
      mail.vault.netvoyage.com
      smtp.vault.netvoyage.com

               

UK

  • CN: eu.netdocuments.com

  • SAN:
      netdocuments.com
      eu.netdocuments.com
      beta-eu.netdocuments.com
      betaeu.netdocuments.com
      betavieweu.netdocuments.com
      email.eu.netdocuments.com
      api.eu.netdocuments.com
      ndemail-eu.netdocuments.com
      ndmail-eu.netdocuments.com
      ndthread-eu.netdocuments.com
      origin-api.eu.netdocuments.com
      origin-eu.netdocuments.com
      origin-ndmail-eu.netdocuments.com
      origin-vieweu.netdocuments.com
      upload.eu.netdocuments.com
      vieweu.netdocuments.com

AU

  • CN: au.netdocuments.com

  • SAN:
      netdocuments.com
      au.netdocuments.com
      view.au.netdocuments.com
      api.au.netdocuments.com
      upload.au.netdocuments.com
      ldserver.au.netdocuments.com
      email.au.netdocuments.com
      mail.au.netdocuments.com
      beta.au.netdocuments.com
      betaview.au.netdocuments.com

 

Find more detail on generating a proxy certificate here: 

https://support.riverbed.com/bin/support/static/hqs5redbo2blgk6d8tlejhstvk/html/fidl3j3el34d14ou0h1hvktt8f/sh_9.1_dg_protocols_html/index.html#page/sh_9.1_dg_protocols/ssl.13.4.html

 

After the CSR has been generated, have it signed by your preferred Certificate Authority. 
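
A certificate that omits one of the names above will fail hostname validation for that host, so it is worth checking the CSR (and the signed certificate when it comes back) against the region's list before installing it. The following is an added example, not part of the original article or Riverbed's tooling: it parses the text produced by `openssl req -noout -text` or `openssl x509 -noout -text` and reports missing or unexpected names. The function names and the sample CSR dump are constructed for illustration; only the US names come from this page.

```python
import re

# Expected names for the US region, copied from the list on this page.
US_CN = "vault.netvoyage.com"
US_SAN = {
    "netvoyage.com", "beta.vault.netvoyage.com", "view.vault.netvoyage.com",
    "betaview.vault.netvoyage.com", "api.vault.netvoyage.com",
    "upload.vault.netvoyage.com", "ldserver.vault.netvoyage.com",
    "mail.vault.netvoyage.com", "smtp.vault.netvoyage.com",
}

def parse_names(text):
    """Return (cn, dns_sans) from `openssl req|x509 -noout -text` output."""
    cn, sans = None, set()
    subject = re.search(r"^\s*Subject:(.*)$", text, re.M)
    if subject:
        m = re.search(r"\bCN\s*=\s*([^,/\n]+)", subject.group(1))
        cn = m.group(1).strip().lower() if m else None
    lines = text.splitlines()
    for i, line in enumerate(lines):
        # The SAN values are printed on the line after the extension name.
        if "Subject Alternative Name" in line and i + 1 < len(lines):
            for entry in lines[i + 1].split(","):
                kind, _, value = entry.strip().partition(":")
                if kind == "DNS" and value:
                    sans.add(value.lower())
    return cn, sans

def check(text, want_cn, want_sans):
    """Compare the parsed names with the expected ones for a region."""
    cn, sans = parse_names(text)
    return {
        "cn_ok": cn == want_cn,
        "missing": sorted(want_sans - sans),
        # A CA may repeat the CN as a SAN entry; that is not flagged here.
        "unexpected": sorted(sans - want_sans - {want_cn}),
    }

# Constructed sample: a CSR dump where smtp.vault.netvoyage.com was left out.
_names = sorted(US_SAN - {"smtp.vault.netvoyage.com"})
SAMPLE = (
    "Certificate Request:\n"
    "        Subject: C = US, O = Example Firm, CN = vault.netvoyage.com\n"
    "        Requested Extensions:\n"
    "            X509v3 Subject Alternative Name: \n"
    "                " + ", ".join("DNS:" + n for n in _names) + "\n"
)

if __name__ == "__main__":
    print(check(SAMPLE, US_CN, US_SAN))
```
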

 

Next, add the new proxy certificate on the Riverbed: open the “Optimization” tab at the top, then click “SSL Main Settings”.

 

 

From the SSL Main Settings page, click “Add a New SSL Certificate”.

 

 

 

 

 

Once the proxy certificate is installed and clients have started accessing the service through the Riverbeds, you need to trust each of the remote Riverbeds as an SSL peer. This is done here:

 

Under the “Self Signed Peer Gray List”, the remote Riverbeds will begin to appear as traffic is initiated through them. If none appear, traffic has not traversed the Riverbed to get to the service.

The peer must be trusted in order to establish a secure SSL channel between the Riverbeds, so that the server-side Riverbed can transmit the certificate information to the client-side Riverbeds. This allows the client-side Riverbed to decrypt the traffic, optimize it, and then re-encrypt it with the same certificate so the client does not get a certificate error.

 

 

 

Once trusted, the peer is moved to the “Self Signed White List”.

 

 

 

For more detail on SSL optimization on SteelHead appliances, see:

https://support.riverbed.com/bin/support/static/hqs5redbo2blgk6d8tlejhstvk/html/fidl3j3el34d14ou0h1hvktt8f/sh_9.1_dg_protocols_html/index.html#page/sh_9.1_dg_protocols/ssl.13.4.html

 

 
