A. Requirements for Client Accelerator as an optimization and SSL agent
•TLS enabled on the server-side SteelHead and the Client Accelerator.
•SSL enabled on the Client Accelerator.
•Secure Peering configured between the Client Accelerator Controller and the Client Accelerator.
B. Requirements for Client Accelerator as an SSL agent:
•TLS enabled on the server-side SteelHead, client-side SteelHead, and the Client Accelerator.
•Secure Peering configured between:
–The client-side SteelHead and the Client Accelerator Controller.
–The client-side SteelHead and the server-side SteelHead.
C. Requirements and compatibility:
This feature requires SteelHead 9.12 or later and Client Accelerator 6.2.2 or later.
Configure SSL in Client Accelerator Controller
Solution Number:
S38706
Last Modified:
2025-04-26
Description
Issue
How to configure SSL in Client Accelerator Controller?
Solution
Configuring the feature:
You must configure this feature using the Client Accelerator Controller.
A. To configure the feature on Client Accelerator:
1.Log in to the Client Accelerator Controller.
2.Choose Manage > Services: Policies and select the policy you want to modify.
3.Select the SSL tab.
4.Under TLS Optimization, select Enable TLS Optimization.
5.Click Update Policy.
6.Choose Administration > SSL Peering and add any peering trust certificates
–For Client Accelerator as an SSL agent, add the client-side SteelHead peering certificate.
–For Client Accelerator as an SSL and optimization agent, add the server-side SteelHead peering certificate.
7.Choose Manage > Policies, and select the same policy which you want to modify.
8.Select the In-Path Rules tab.
9.Select Add a New In-Path Rule.
10.Define an in-path rule for SSL optimization that is similar to an in-path rule on the SteelHead.
** For Client Accelerator as an SSL agent, define the in-path rule as AutoDiscover only.
11.Click Update Policy.
12.Select the SSL tab:
–Ensure that SSL is enabled.
–Confirm that the client-side SteelHead peering certificate is displayed in the Effective List of all the Peering Certificates. If it is not listed, update your SSL peers.
-Confirm that the Client Accelerator Controller's and Server Side Steelhead's peering trust certificate are displayed in the Effective List of all the Peering Certificates.
13.Select the Location Awareness tab and perform these actions:
–Enable latency-based location awareness.
–Increase the latency timeout to accommodate the round trip time (RTT) between the Client Accelerator and the client-side SteelHead.
–Ensure Branch Warming is not enabled.
14.Click Update Policy.
15.Click Save to Disk.
B. To configure the feature on SteelHead:
1.Log in to the SteelHead Management Console.
2.Choose Optimization > SSL: Advanced Settings.
3.Scroll to the bottom of the page, under TLS Blade, select Enable TLS blade.
4.Click Apply.
5.Click Save to Disk to save your configuration.
6.Choose Administration > Maintenance: Services and click Restart.
You must configure this feature using the Client Accelerator Controller.
A. To configure the feature on Client Accelerator:
1.Log in to the Client Accelerator Controller.
2.Choose Manage > Services: Policies and select the policy you want to modify.
3.Select the SSL tab.
4.Under TLS Optimization, select Enable TLS Optimization.
5.Click Update Policy.
6.Choose Administration > SSL Peering and add any peering trust certificates
–For Client Accelerator as an SSL agent, add the client-side SteelHead peering certificate.
–For Client Accelerator as an SSL and optimization agent, add the server-side SteelHead peering certificate.
7.Choose Manage > Policies, and select the same policy which you want to modify.
8.Select the In-Path Rules tab.
9.Select Add a New In-Path Rule.
10.Define an in-path rule for SSL optimization that is similar to an in-path rule on the SteelHead.
** For Client Accelerator as an SSL agent, define the in-path rule as AutoDiscover only.
11.Click Update Policy.
12.Select the SSL tab:
–Ensure that SSL is enabled.
–Confirm that the client-side SteelHead peering certificate is displayed in the Effective List of all the Peering Certificates. If it is not listed, update your SSL peers.
-Confirm that the Client Accelerator Controller's and Server Side Steelhead's peering trust certificate are displayed in the Effective List of all the Peering Certificates.
13.Select the Location Awareness tab and perform these actions:
–Enable latency-based location awareness.
–Increase the latency timeout to accommodate the round trip time (RTT) between the Client Accelerator and the client-side SteelHead.
–Ensure Branch Warming is not enabled.
14.Click Update Policy.
15.Click Save to Disk.
B. To configure the feature on SteelHead:
1.Log in to the SteelHead Management Console.
2.Choose Optimization > SSL: Advanced Settings.
3.Scroll to the bottom of the page, under TLS Blade, select Enable TLS blade.
4.Click Apply.
5.Click Save to Disk to save your configuration.
6.Choose Administration > Maintenance: Services and click Restart.
Environment
Client Acceleator Controller, Server side Steelhead and Client side SteelHead
Related Bugs
Attachments
Related Files
NOTICE: Riverbed® product names have changed. Please refer to the Product List for a complete list of product names.
Can't find an answer? Create a case