OpenSSL is bundled with ASE. The following are the version details:
- RHEL 7 : OpenSSL 1.0.2k-fips January 26, 2017
- Ubuntu 16LTS : OpenSSL 1.0.2g March 1, 2016
You can configure SSL in ASE for client side connection using one of the following methods:
- Using a certificate authority (CA)-signed certificate
- Using a self-signed certificate
- Using an existing certificate
The steps provided in this section are for certificate and key generated for connections between the client and ASE as depicted in the following diagram.
In a cluster setup:
- Stop all the ASE cluster nodes.
- Configure the certificate on the management node.
- Start the cluster nodes one by one for the certificates to synchronize across the nodes.
Using a CA-signed certificate
To use a CA-signed SSL certificates, follow the process to create a private key, generate a certificate signing request (CSR), and request a certificate as shown in the following diagram.
ASE internally validates the authenticity of the imported certificate.
To use a CA-signed certificate:
Using a self-signed certificate
A self-signed certificate is also supported for customer testing.
To create a self-signed certificate:
Using an existing certificate and key pair
If you have an intermediate certificate from a CA, then append the content to your server .crt file.
To install an existing certificate: