KEY CONCEPT:
SSL Certificates do not work on its own. It requires the corresponding Key (i.e., the Key used to create the CSR in the first place) to be validated.
The NetCache appliance does not have an SSL Key and Certificate export capability. This is a very important consideration with possible financial impact: any User Certificate (paid for by you to any public Certificate Authority or CA) created from a Certificate Signing Request (CSR) from this NetCache appliance can be used for this device only.
Since this device cannot export out the Key, the new User Certificate cannot be used in any other devices in the network. If there are multiple devices in the network requiring a particular certificate, you could possibly be paying more; one for the SSL cert fo this NetCache appliance and at least one more SSL cert for the other devices.
WORKAROUND:
There is actually no other workaround or fix for this except to NOT use the NetCache appliance to generate the Certificate Signing Request (CSR). Use other network devices, if any, such as F5 BIG-IP, Cisco ASA, and others. Note that although the NetCache appliance cannot export out, it can import in SSL Keys and Certificates.
PERMANENT FIX:
Check with the NetCache website for the latest releases to verify if and when this product limitation is addressed.
No comments:
Post a Comment