Configuring and using RSA private keys

To process SSL decryption, the NAM Probe needs to use RSA private keys for each monitored server. The keys need to be extracted from the monitored servers and can then be used either as PEM files or be stored on the accelerator card.

Key extraction is described in Extracting Web Server Private SSL Keys.

  • In the case of keys generated with OpenSSL, the keys are already in PEM format. If keys come from a Microsoft IIS or Netscape Web server, they are usually stored in hardware accelerators and must be exported to PEM format.

  • A key can be encrypted with a password. For more information, see Using KPA to make keys available to the NAM Probe process.

SSL decryption can be performed either in the NAM Probe software using OpenSSL or in a hardware SSL accelerator.

  • If SSL decryption is performed in the NAM Probe software, the NAM Probe reads RSA private keys from PEM-encoded disk files during startup.
  • If SSL decryption is performed in a hardware SSL accelerator, the keys may need to be stored in the accelerator card first: after extracting the keys from their servers as PEM-encoded disk files and writing them to the accelerator, the PEM files should be deleted for security reasons.

The commands used for managing—listing, organizing, and storing—keys on an accelerator card are specific to the card and are described in topics dedicated to individual cards: