Phone Lines icon GFI Support Home Sign in
Start a conversation
  1. GFI Support
  2. GFI Support - Interface
  3. Articles

Exinda CLI: SSL Acceleration

Overview

 

This article provides information on the Exinda CLI command acceleration ssl.

You can use the acceleration ssl command to configure the SSL (Secure Sockets Layer) acceleration settings.

 

Information

 

NOTE:  The following syntax convention is used:
  • {}: Options are enclosed in braces and are separated by '|'.
  • []: Optional keywords are enclosed in brackets.
  • <>: User input is required where variables are enclosed in greater-than and less-than symbols.

 The following table describes the commands used for performing common actions related to acceleration ssl:

Action Description Command

Parameter Description

To enable [or disable] SSL acceleration

 [no] acceleration ssl enable Not Applicable 

To create an SSL server to accelerate with

 acceleration ssl server <server-name> Not Applicable 
To configure the SSL server   acceleration ssl server <server-name> {address|certificate|client-auth-cert|port|sni}
  • address <address> - Specify the IPv4 address of the server to accelerate to.
  • port <number> - Specify the port number of the application running on the server to accelerate to.
  • sni <sni-extension> - Specify the Server Name Indication (SNI) extension. This command is used when the server has multiple SSL certificates with a SNI specified.
  • certificate <certificate-name> - Select the certificate to use for re-encryption of the SSL session.
  • client-auth-cert <certificate-name> - Select the certificate for client authentication on the SSL server.
acceleration ssl server <server-name> validation {certificate|none|reject}

Specify the type of validation to apply to the server's certificate.

  • certificate <certificate-name> - Accept specific certificate for validation of the SSL server. SSL Acceleration accepts and processes the connection only if the server's certificate matches the specific certificate named in the Client Auth Certificate field. Otherwise, the connection is not processed.
  • none - Accept any certificate. SSL Acceleration accepts and processes the connection even if the server's SSL certificate is invalid or expired.
  • reject - Reject any certificate. SSL Acceleration does not process the connection under any circumstances. The connection is still accelerated but is not SSL accelerated.
acceleration ssl server <server-name> revocation [none|oscp-aia|ocsp-server]

If validation none is specified, then use this command to specify the revocation type.

  • none - No check is performed. The client auth certificate is used regardless of whether the certificate is revoked or not.
  • oscp-aia - The Online Certificate Status Protocol (OCSP) Authority Information Access (AIA) check is performed. The method uses the location of the authority embedded in the certificate to check for the certificate's revocation status. Note that if the AIA location is not specified in the certificate when this option is chosen, then the certification revoke check will not happen.
  • ocsp-server - The Online Certificate Status Protocol (OCSP) check is performed. This method presents an OCSP Server URL field where you can type the location of the authority to check for the certificate's revocation status.

To reset a disabled SSL acceleration server

 acceleration ssl reset <server-name> Not Applicable 

To flush OCSP response cache of the SSL acceleration server

 acceleration ssl flush <server-name> Not Applicable 

To show currently configured SSL acceleration servers

 show acceleration ssl server <server-name> Not Applicable 

 

Related Article

CLI commands

 

Back to Top

Choose files or drag and drop files
Was this article helpful?
Yes
No

  1. Priyanka Bhotika

  2. Posted
  3. Updated

Comments