CLI: SSL Acceleration

You can use the acceleration ssl command to configure the SSL acceleration settings.

Configure SSL acceleration

acceleration ssl {enable|flush|reset|server}

To enable [or disable] SSL acceleration:

[no] acceleration ssl enable

Configure SSL acceleration servers

To create an SSL server to accelerate with:

acceleration ssl server <server-name>

To configure the SSL server:

acceleration ssl server <server-name> {address|certificate|client-auth-cert|port|revocation|sni|validation}

  • address <address> - Specify the IPv4 address of the server to accelerate to.
  • port <number> - Specify the port number of the application running on the server to accelerate to.
  • sni <sni-extension> - Specify the Server Name Indication (SNI) extension. This command is used when the server has multiple SSL certificates with a SNI specified.
  • certificate <certificate-name> - Select the certificate to use for re-encryption of the SSL session.
  • client-auth-cert <certificate-name> - Select the certificate for client authentication on the SSL server.
  • validation {certificate|none|reject} - Specify the type of validation to apply to the server's certificate.
  • certificate <certificate-name> - Accept specific certificate for validation of the SSL server. SSL Acceleration accepts and processes the connection only if the server's certificate matches the specific certificate named in the Client Auth Certificate field. Otherwise, the connection is not processed.
  • none - Accept any certificate. SSL Acceleration accepts and processes the connection even if the server's SSL certificate is invalid or expired.
  • reject - Reject any certificate. SSL Acceleration does not processes the connection under any circumstances. The connection is still accelerated, but is not SSL accelerated.
  • revocation [none|oscp-aia|ocsp-server] - If validation none is specified, then use this command to specify the revocation type.
  • none - No check is performed. The client auth certificate is used regardless of whether the certificate is revoked or not.
  • oscp-aia - The Online Certificate Status Protocol (OCSP) Authority Information Access (AIA) check is performed. The method uses the location of the authority embedded in the certificate to check for the certificate's revocation status. Note that if the AIA location is not specified in the certificate when this option is chosen, then the certification revoke check will not happen.
  • ocsp-server - The Online Certificate Status Protocol (OCSP) check is performed. This method presents an OCSP Server URI field where you can type the location of the authority to check for the certificate's revocation status.

To reset a disabled SSL acceleration server:

acceleration ssl reset <server-name>

To flush OCSP response cache of the SSL acceleration server:

acceleration ssl flush <server-name>

Viewing SSL acceleration server configuration

To show currently configured SSL acceleration servers:

show acceleration ssl server <server-name>