This guide shows you how to install an SSL certificate on Radware Alteon, using both the Web Based Management (WBM) console and the command-line interface (CLI). On Alteon, installation has two parts: first you import the private key, server certificate, and intermediate CA into the certificate repository, then you bind them to an SSL policy and a virtual service so the device actually serves the certificate.
Generate a CSR on Alteon
Start with a CSR (Certificate Signing Request), the request you submit to a Certificate Authority to apply for your certificate. You have two options:
- Use our CSR Generator to create the CSR and private key automatically.
- Follow our step-by-step tutorial on how to generate a CSR on Alteon to create it on the device itself.
Submit the CSR to your Certificate Authority during checkout. After the CA validates your request and issues the certificate, continue with the installation below.
Install an SSL certificate on Alteon
After the CA delivers your certificate by email, you will typically have three items in PEM format: your private key (created with the CSR), your server certificate, and the intermediate CA certificate (the chain that links your certificate to the trusted root). You can install them on Alteon through the web console (WBM) or the CLI. Either way, importing the files is only half the job: you also have to bind the certificate and an SSL policy to the virtual service that handles your HTTPS traffic. The two sections below cover each method end to end.
Install an SSL certificate via the web (WBM)
Step 1: Open the SSL section. Log in to Alteon’s Web Based Management console and go to Configuration > Application Delivery > SSL. If SSL is not active yet, enable it (tick Enable SSL). If you manage Alteon centrally through Radware APSolute Vision, the same screens are available under Configuration > Application Delivery > SSL for the selected device.
Step 2: Import the private key. Open Certificate Repository and click Import. Set Type to Key, enter a unique ID (for example, your domain name), and provide the key passphrase if the key is encrypted. Choose Import from Text to paste the PEM contents, or Import from File to upload the key file, then confirm.
Step 3: Import the server certificate. Click Import again, set Type to Certificate, and enter the same unique ID you used for the key. Paste or upload the server certificate in PEM format and confirm. Using one shared ID for the key and the certificate is what links them together.
Step 4: Import the intermediate CA. Click Import once more and set Type to Intermediate CA. Give it its own ID, then paste or upload the intermediate certificate. If your CA supplies more than one intermediate, import each one and group them under Certificate Groups so the full chain is served.
Step 5: Create an SSL policy. Go to SSL Policies and add a policy. Give it a name, confirm front-end SSL is enabled, and set the allowed protocols to TLS 1.2 and TLS 1.3 only (disable SSLv3 and TLS 1.0/1.1). Attach the intermediate CA (or the intermediate group) to the policy so Alteon presents the complete chain.
Step 6: Bind the certificate and policy to the virtual service. Open Configuration > Application Delivery > Virtual Services (or your virtual server’s service list), select the HTTPS service on port 443, and in its SSL settings choose the SSL Policy you created and select your Server Certificate by its ID. This is the step that actually puts the certificate on the wire; without it, the imported files sit unused.
Step 7: Apply and save. Click Apply to activate the changes, then Save to write them to flash so they persist after a reboot.
Note: make sure the private key and the server certificate use the same ID. If they do not match, Alteon cannot pair them and the virtual service will not serve the certificate.
Install an SSL certificate via the CLI
Connect to Alteon over SSH (or console) and log in. The import command walks you through the component type, an ID, and the PEM source:
/cfg/slb/ssl/certs/import
Here is what the interactive prompt looks like when you import the private key. Choose key as the component type, give it an ID, and paste the PEM when prompted:
>> WEBAPPA-B - vADC 3 - Main# /cfg/slb/ssl/certs/import
Enter Component type to import: [key|certificate|cert+key|intermca|trustca|2424sslcfg|crl|trustca-gr] [key]: key
Enter component ID: 5
Import from text or file in PEM format [text|file] [text]:
At the last prompt, pick how you want to supply the PEM data:
- text pastes the certificate contents directly into the terminal.
- file imports a certificate file you have already transferred to the device.
Run the import command three times: once for the key, once for the server certificate (use the same component ID as the key so they pair), and once for the intermca (intermediate CA). For example:
/cfg/slb/ssl/certs/import # type: key, ID: 5
/cfg/slb/ssl/certs/import # type: certificate, ID: 5
/cfg/slb/ssl/certs/import # type: intermca, ID: 6
Next, create an SSL policy and attach the intermediate CA to it. Set the allowed TLS versions to 1.2 and 1.3 while you are here:
/cfg/slb/ssl/sslpol mypolicy
Finally, bind the SSL policy and the server certificate to the HTTPS virtual service. Replace the virtual server ID, policy name, and certificate ID with your own values:
/cfg/slb/virt <virt-ID>/service/ssl/sslpol mypolicy
/cfg/slb/virt <virt-ID>/service/ssl/srvrcert 5
Activate the changes and write them to flash:
apply
save
Your SSL certificate is now installed and served on Alteon. To confirm the chain and expiry the device is presenting, use our SSL Checker against your site’s hostname.
Frequently Asked Questions
In WBM, go to Configuration > Application Delivery > SSL > Certificate Repository and click Import. Import the private key, the server certificate, and the intermediate CA separately, each in PEM format. Use the same ID for the key and the certificate so Alteon pairs them.
Importing the key and certificate into the repository does not put them on the wire. You also have to create an SSL policy and bind both the policy and the server certificate to your HTTPS virtual service. In the CLI that is /cfg/slb/virt <virt-ID>/service/ssl/sslpol <policy> and /cfg/slb/virt <virt-ID>/service/ssl/srvrcert <cert-ID>, followed by apply and save.
Import the intermediate as component type Intermediate CA (or intermca in the CLI) with its own ID, then attach it to the SSL policy. If your CA provides more than one intermediate, import each and combine them in a Certificate Group so Alteon serves the complete chain.
Both work. You can manage SSL directly on the Alteon device through its own WBM console, or centrally through Radware APSolute Vision. The menu path is the same, Configuration > Application Delivery > SSL, and the CLI commands are identical when you connect to the device.
Alteon stages configuration changes until you commit them. Run apply to activate the changes in the running configuration, then save to write them to flash so they survive a reboot. In WBM, use the Apply and Save buttons.
Save 10% on SSL Certificates when ordering from SSL Dragon today!
Fast issuance, strong encryption, 99.99% browser trust, dedicated support, and 25-day money-back guarantee. Coupon code: SAVE10


