Encrypted SSL Key Setup
To decrypt SSL connections, customers must provide the DNCA software with their valid SSL keys.
Note: Typically, SSL private keys are provided in PEM format and are
converted for use in the DNCA. Before you begin, verify that any PEM
file that you are planning to convert contains the RSA private key
and nothing else. For example, it must not contain the certificate
and the Bad Attribute information.
- PEM files that are containing extra data can still be converted and added to the DNCA. However, SSL key traffic fails to be properly decrypted by the DNCA by using these keys, and no errors or warnings are issued by the application.
This section describes how to prepare your valid SSL keys for use and then to load them into the DNCA.
- Auto-convert: You can allow the DNCA to automatically convert clear-text PEM files to encrypted PTL keys on the DNCA server. These keys are then automatically loaded into the DNCA for use. There are some limitations on configuration of this process see Automatic Conversion of SSL Keys.
- Manual conversion: If you want to control each step of the conversion process, you can follow the manual conversion steps. See Steps to Manually Convert SSL Keys.