1. What SSL-related configuration is available under the Management Center OS?
2. How to verify the SSL-related configuration of Management Center after a backup/restore of the full configuration.
The following steps can be used to verify Management Center's SSL-related configuration after a backup and restore:
1. Verify all SSL context profiles and their associated settings with the following CLI/SSH commands:
localhost# configure terminal
localhost(config)# ssl
localhost(config-ssl)# view ssl-context
This command displays all SSL context profiles available within Management Center and their associated settings, such as the CCL (CA certificate list), keyring, TLS version, and cipher suites. Note that the SSL context profiles bluecoat-licensing, bluecoat-remote-access, and bluecoat-services are read-only. A backup and restore of the configuration does not change these profiles. All other SSL context profiles are modifiable and can be restored from a backup.
2. Verify all CCLs (CA certificate lists) with the following CLI/SSH commands:
localhost# configure terminal
localhost(config)# ssl
localhost(config-ssl)# view ccl
The above command displays each CA certificate list name and its associated CA certificates. Note that the CCLs bluecoat-appliance, bluecoat-image-validation, bluecoat-isolation, bluecoat-licensing, and bluecoat-services are read-only. A backup and restore does not change these CCLs. All other CCLs are modifiable and can be restored from the backup file.
3. Verify the trust-package settings with the following CLI/SSH commands:
localhost# show running-config ssl
ssl
trust-package
auto-update enabled
update-interval 7
url https://appliance.bluecoat.com/sgos/trust_package.bctp
!
edit ccl bluecoat-appliance
!
edit ccl bluecoat-image-validation
!
edit ccl bluecoat-isolation
!
edit ccl bluecoat-licensing
!
edit ccl bluecoat-services
!
edit ccl browser-trusted
!
edit ccl client-authentication
!
edit ccl management-center
!
!
If Management Center is running an older OS version, or was upgraded from an older OS such as 2.2.x to 3.3.x, "show running-config ssl" displays additional information with the SSL context profile names, like below
If you are using a newly deployed Management Center with OS 3.3.x, use the CLI/SSH commands below to verify the SSL context profiles:
localhost# configure terminal
localhost(config)# ssl
localhost(config-ssl)# view ssl-context
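One way to automate the step 3 check, as an added example that is not part of the original article or the product: it parses "show running-config ssl" output saved before the backup and after the restore, then reports changed trust-package settings and missing CCLs. It assumes the output was captured to text by hand over SSH; the sample captures and the CCL name corp-internal-ca are constructed.

```python
# CCLs the article lists as read-only; a restore should never change them.
READ_ONLY_CCLS = {"bluecoat-appliance", "bluecoat-image-validation",
                  "bluecoat-isolation", "bluecoat-licensing", "bluecoat-services"}

def parse_ssl_config(text):
    """Return (trust-package settings, CCL names) from 'show running-config ssl'."""
    trust, ccls, in_trust = {}, set(), False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "trust-package":
            in_trust = True
        elif line == "!":
            in_trust = False          # '!' closes the current block
        elif line.startswith("edit ccl "):
            ccls.add(line.split(None, 2)[2])
        elif in_trust and " " in line:
            key, value = line.split(None, 1)
            trust[key] = value
    return trust, ccls

def compare(before, after):
    """List differences between pre-backup and post-restore captures."""
    (t0, c0), (t1, c1) = parse_ssl_config(before), parse_ssl_config(after)
    findings = [f"trust-package {k}: {t0.get(k)!r} -> {t1.get(k)!r}"
                for k in sorted(set(t0) | set(t1)) if t0.get(k) != t1.get(k)]
    for name in sorted(c0 - c1):
        kind = "read-only" if name in READ_ONLY_CCLS else "modifiable"
        findings.append(f"missing {kind} CCL: {name}")
    findings += [f"unexpected CCL: {n}" for n in sorted(c1 - c0)]
    return findings

# Constructed sample captures, modelled on the output shown above.
# 'corp-internal-ca' is a made-up custom CCL name.
BEFORE = """ssl
trust-package
auto-update enabled
update-interval 7
url https://appliance.bluecoat.com/sgos/trust_package.bctp
!
edit ccl bluecoat-appliance
!
edit ccl browser-trusted
!
edit ccl corp-internal-ca
!
!
"""
AFTER = BEFORE.replace("auto-update enabled", "auto-update disabled") \
              .replace("edit ccl corp-internal-ca\n!\n", "")

if __name__ == "__main__":
    print("\n".join(compare(BEFORE, AFTER)) or "SSL configuration matches")
```

A changed trust-package url or a disabled auto-update is worth investigating before the appliance is returned to service, since both determine which CA certificates it will trust.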
More information on what is included in Management Center's backup and restore process can be found here