Mapping IP addresses to the cryptographic keys

You can map an IP address to a key that you have uploaded, or you can upload a new key file when you set up IP mapping. You can map many SSL keys to one IP mapping.

Before you begin

Before the system can begin decrypting traffic from the IP address, you must enable the key in the Real User Collector.

To map the IP address to the cryptographic key

To perform this procedure, you must have Security-level access. 

Example

Your system is capturing encrypted traffic from the 192.0.2.12 IP address. The task is to map this IP address to the 2_cryptoKey.der cryptographic key that was uploaded previously. Its password is crypt0pa$$.

  1. In the the Real User Collector component, point to Administration > Security settings, and then click Key management.
  2. On the Action menu, click Add new IP mapping.
  3. In the IP box, type the IP address to which you want to map the key (for example, 192.0.2.12).
  4. In the Port box, type the number of the port associated with the IP address (for example, 443).
  5. Click Attach an existing key, and in the Key name box, select the name of the cryptographic key that you want to map to the specified IP address (for example, 2cryptoKey.der).
  6. Click Save.

    The new IP mapping appears in the list of IP mappings. The system begins decrypting traffic from 192.0.2.12 using the 2cryptoKey.der key.

Related topic

Enabling-the-uploaded-key-files

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*