Appendix F SSL Introduction
Cisco 11000 Series Secure Content Accelerator Configuration Guide
78-13124-05
Introduction to SSL
Secure Sockets Layer (SSL) is an application-level protocol that secures data
exchanges by providing privacy, authentication, and data integrity. It relies
upon certificates, public keys, and private keys.
Certificates are similar to digital ID cards. They prove the identity of the server to
clients. Certificates are issued by Certificate Authorities (CAs) such as VeriSign®
or Thawte. Each certificate includes the name of the authority that issued it, the
name of the entity to which the certificate was issued, the entity's public key, and
time stamps that indicate the certificate's expiration date.
Public and private keys are the ciphers used to encrypt and decrypt information.
While the public key is shared quite freely, the private key is never given out. Each
public-private key pair works together: data encrypted with the public key can
only be decrypted with the private key.
You can configure the Cisco Secure Content Accelerator using either the GUI or
CLI, or through the QuickStart wizard (available through both the CLI and GUI).
The CLI is available through telnet or serial connections.
Port Blocking Mechanism
During configuration you must specify the SSL and clear text (decrypted) TCP
service ports. Cisco Secure Content Accelerator devices monitor the SSL TCP
service port(s) you specify, perform SSL decoding of packets on those ports, then
send the packets to the server via a user-defined TCP clear text service port. All
other network traffic is passed through the appliance transparently.
The clear text TCP service port used for data transfer between the SSL appliance
and the Web server cannot be used for any other data. The SSL appliance blocks
access to the clear text port, protecting your secure data from direct clear text
access.
One result of this port blocking strategy is that you cannot use the same clear text
TCP service port between the SSL appliance and the server for both non-secure
(http:) and decrypted secure data (https:) transfer. Network port traffic received
on the clear text TCP service port is dropped. See the figures below.
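The forwarding and blocking decision described in this section, modelled as an added example for illustration; this is not Cisco's code, and the port numbers 443, 8443, 81, 82 and 80 are constructed values:

```python
"""Model of the Secure Content Accelerator port-blocking rule for traffic
arriving on the network-facing port. Added illustration only; the appliance
implements this itself, this code merely reproduces the decision logic."""
from typing import Dict, Iterable, List, Tuple


class PortPolicy:
    """ssl_to_clear maps each SSL service port to the clear text port used
    toward the Web server; plain_http_ports are ports the server already
    serves as non-secure (http:) traffic."""

    def __init__(self, ssl_to_clear: Dict[int, int],
                 plain_http_ports: Iterable[int] = ()) -> None:
        clear_ports = set(ssl_to_clear.values())
        # Consequence stated in the text: a clear text port carries decrypted
        # data only, so it cannot double as the server's non-secure HTTP port.
        clash = clear_ports & set(plain_http_ports)
        if clash:
            raise ValueError(
                f"clear text port(s) {sorted(clash)} also used for non-secure HTTP")
        self.ssl_to_clear = dict(ssl_to_clear)
        self.clear_ports = clear_ports

    def decide(self, dst_port: int) -> str:
        """Classify a segment received on the network port by destination port."""
        if dst_port in self.ssl_to_clear:
            # SSL service port: decode, then forward to the server on the
            # configured clear text port.
            return f"decrypt-forward:{self.ssl_to_clear[dst_port]}"
        if dst_port in self.clear_ports:
            # Direct network access to the clear text port is dropped.
            return "drop"
        # Everything else passes through the appliance transparently.
        return "pass-through"


def classify(policy: PortPolicy, ports: Iterable[int]) -> List[Tuple[int, str]]:
    """Run a sequence of constructed destination ports through the policy."""
    return [(p, policy.decide(p)) for p in ports]


if __name__ == "__main__":
    # Constructed configuration: two SSL service ports, plain HTTP on 80.
    policy = PortPolicy({443: 81, 8443: 82}, plain_http_ports=[80])
    for port, verdict in classify(policy, [443, 8443, 81, 82, 80, 22]):
        print(f"dst port {port:5d} -> {verdict}")
```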