If you use Secure Excelerator to accelerate a secure Web server, you will need to provide the Secure Excelerator service with the trusted root certificates for the certificate authority (CA) that issued the Web server's SSL certificate.
NOTE: Trusted root certificates are also known as CA certificate chains because they often consist of two or more certificates that link together to certify a CA's identity.
By identifying the trusted root certificates in advance for each CA, you will ensure that your Secure Excelerator setup happens quickly and efficiently.
IMPORTANT: Each CA has only one set of trusted root certificates. Therefore, you will need only one set of files for each CA you use.
You must copy the trusted root certificates as you set up Secure Excelerator for an acceleration service that fills from secure Web servers on your network. The appliance must have the trusted root certificates to establish secure connections with the secure Web servers from which it is filling browser requests.
You might already have trusted root certificate files (*.CER) from the certificate authorities who issued certificates for your secure Web servers. If you have the files, skip to Obtaining Appliance Certificates for Each Web Server .
If you don't have the trusted root certificate files for one of your CAs, you must extract them from a Web server whose certificate was issued by the CA.
Complete the steps in Accessing the Certificate Chain and Storing Trusted Root Certificate Files for each CA you use.
Complete the following steps:
Using Internet Explorer, access a secure Web server with a certificate issued by the CA whose trusted root certificates you need.
Double-click the lock icon at the bottom of the browser window.
Click Certification Path.
The last certificate shown in the chain is the Web server certificate. The CA certificate chain is represented by the certificates above this certificate. Therefore, you need to save only the certificates above the Web server certificate.
Select the certificate above the last certificate in the chain, then click > View Certificate > Details.
Continue with Storing Trusted Root Certificate Files .
A CA's trusted root certificate files usually form a chain consisting of more than one certificate. Each certificate is contained in an ASCII text file.
Repeat the following steps until you have saved each certificate file in the certificate chain.
Click Copy to File > Next.
When Copy to File is not available, all certificates in the chain have been saved.
Select Base-64 Encoded x.509 (.CER).
Click Next > Browse.
Select a location for the file.
If you have multiple servers, you might want to create a folder for each server.
In the Filename field, type a unique name to identify the CA and the certificate.
The name can contain up to 8 alphanumeric characters. Do not include the .CER extension.
Click Save > Next > Finish > OK.
Click Certification Path.
Select the next certificate upward in the chain and continue with Step 9.
If there are no more certificates above the one you last saved, the chain has been saved. Click OK, click OK again, then close the browser window.
Click View Certificate > Details.
Repeat this procedure, starting with Step 1.
You will use these files in Configuring the Service to Use Secure Excelerator .