The Alert Logic® Decryptor (ALD) is a component within the Alert Logic appliance that decrypts network traffic. All TCP traffic must be observed for decryption to succeed.
If your SSL certificates are expired, the Alert Logic Decryptor will ignore the expiration dates. If the Alert Logic Decryptor sees traffic that makes use of an expired certificate, it will still use the corresponding private key to decrypt traffic.
There is no hard limit on the number of certificates that can be loaded on an appliance. The determining factor in how many certificates an appliance can support is the amount of sustained traffic that the appliance inspects and how that impacts appliance memory. Certificates must be looked up during TLS handshakes. Consequently, having several certificates loaded can impact performance when inspecting higher sustained traffic volumes.