A jetPACK is a small text file comprising configuration instructions for the EdgeADC. A jetPACK could be anything from a Cipher to a configuration setting. jetPACKS are very easy to create, but please ensure you know what you are doing when you create one. If in any doubt, please email Edgenexus Support.

Anatomy of a Cipher jetPACK

Let’s take a look at a jetPACK.

#!jetpack
[jetnexusdaemon-cipher-No_SSLv3_No_TLSv1_No_TLSv1.1_No_RC4_No_CBC-strong]
Cipher="ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:HIGH:!3DES:!aNULL:!MD5:!DSS:!MD5:!aNULL:!EDH:!RC4:!SHA1:!SHA256:!SHA384"
Cipher1=""
Cipher2=""
CipherOptions="NO_SSLv3,NO_TLSv1,NO_TLSv1.1,CIPHER_SERVER_PREFERENCE"
Description="No-TLSv1 No-TLSv1.1 No-SSLv3 No-RC4 No-CBC strong"

jetPACK examples

Strong Ciphers

This will add the ability to choose “Strong Ciphers” from the Cipher options list.
Cipher = ALL:RC4+RSA:+RC4:+HIGH:!DES-CBC3-SHA:!SSLv2:!ADH:!EXP:!ADHexport:!MD5

#!jetpack
[jetnexusdaemon-cipher-No_SSLv3_No_TLSv1_No_RC4_stronger]
Cipher="ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:HIGH:!3DES:!aNULL:!MD5:!DSS:!MD5:!aNULL:!EDH:!RC4"
Cipher1=""
Cipher2=""
CipherOptions="NO_SSLv3,NO_TLSv1,CIPHER_SERVER_PREFERENCE"
Description="No-TLSv1 No-SSLv3 No-RC4-stronger"

Anti-Beast

This will add the ability to choose “Anti Beast” from the Cipher Options list.
Cipher = ECDHE-RSA-AES128-SHA256:AES128-GCM-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH

#!update

[jetnexusdaemon-cipher-antiBEAST]
Cipher="ECDHE-RSA-AES128-SHA256:AES128-GCM-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH"
CipherOptions="CIPHER_SERVER_PREFERENCE"
CipherSuppressVersionAll=
Description="Anti Beast"

No SSLv3

This will add the ability to choose “No SSLv3” from the Cipher Options list.
Cipher =  ECDHE-RSA-AES128-SHA256:AES128-GCM-SHA256:HIGH:!MD5:!aNULL:!EDH:!RC4

#!update

[jetnexusdaemon-cipher-NOSSLv3]
Cipher="ECDHE-RSA-AES128-SHA256:AES128-GCM-SHA256:HIGH:!MD5:!aNULL:!EDH:!RC4"
Cipher1=""
Cipher2=""
CipherOptions="NO_SSLv3,CIPHER_SERVER_PREFERENCE"
Description="No SSLv3"

No SSLv3 No TLSv1 No RC4

This will add the ability to choose “No-TLSv1 No-SSLv3 No-RC4” from the Cipher Options list.
Cipher =  ECDHE-RSA-AES128-SHA256:AES128-GCM-SHA256:HIGH:!MD5:!aNULL:!EDH:!RC4

#!update

[jetnexusdaemon-cipher-No-SSLv3-No-TLSv1-No-RC4]
Cipher="ECDHE-RSA-AES128-SHA256:AES128-GCM-SHA256:HIGH:!MD5:!aNULL:!EDH:!RC4"
Cipher1=""
Cipher2=""
CipherOptions="NO_SSLv3,NO_TLSv1,CIPHER_SERVER_PREFERENCE"
Description="No-TLSv1 No-SSLv3 No-RC4"

No TLSv1

This will add the ability to choose “NO_TLSv1.1” from the Cipher Options list.
Cipher= ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128: DH+AES:RSA+AESGCM:RSA+AES:HIGH:!3DES:!aNULL:!MD5:!DSS:!MD5:!aNULL:!EDH:!RC4

#!jetpack

[cipher-No-SSLv3-No-TLSv1.0-v1.1-No-RC4-strong] 
Cipher="ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:HIGH:!3DES:!aNULL:!MD5:!DSS:!MD5:!aNULL:!EDH:!RC4" 
Cipher1="" 
Cipher2="" 
CipherOptions="NO_SSLv3,NO_TLSv1,NO_TLSv1.1,CIPHER_SERVER_PREFERENCE" 
Description="No-TLSv1 v1.1 No-SSLv3 No-RC4-strong"

Below is a list of Ciphers and the method for uploading what we refer to as jetPACK. Each Cipher is a text module and must be saved to your local computer as a text file using a plain text editor such as Notepad or Visual Code Editor. Do not use editors such as Word, etc., to do this, as they add hidden characters that will disrupt the ADC and may require advanced support. Remember to give it an appropriate name when you save it with an extension of .txt.

Uploading a jetPACK

Please follow the instructions below to upload the jetPACK.

• Log into the ADC using admin credentials.
• Navigate to Advanced > Configuration.

• Click the Browse button.
• Navigate to, and open the jetPACK you need.
• Click the Upload Config or jetPACK button.
• The jetPACK will now be uploaded and available from the IP Services > Real Servers > Advanced Tab

You can find more information in the jetPACKs article.

• This process must be planned and take great care when acting, or it can lead to unplanned downtime and error messages being shown to the user.
• Let’s assume you have an SSL certificate that you have created or imported in that you have named “Web_Certificate”, and it is nearing its expiry date.

Importing a brand new SSL certificate manually ordered

Please follow the steps below to import the new SSL certificate that you have received from the Trusted Authority.

• In version 4.x of the ADC we only support import of PFX format certificates. If your certificate authority has provided you a certificate in any other format, please make sure you convert it to PFX format. You can do this by using tools found online, such as The SSL Store, or using an OpenSSL commands depending on what format your certificate is. See Digicert.
• Select your existing SSL Certificate from the list of certificates.
• This is VERY IMPORTANT.
• DO NOT CLICK THE RENEW BUTTON after selecting your existing certificate from the list.

IMPORTANT – WHEN IMPORTING THE NEW SSL REMEMBER TO GIVE A NEW NAME.

• Import the new SSL certificate and give it a new name, say Web_Certificate_2
• The next stage is to replace the existing SSL certificate attached to the Virtual Service.

At this stage you will need to plan for some short amount downtime as you perform the replacement,

• Click on the Virtual Service you wish to change.
• Navigate to the Basic tab
• Select the new SSL certificate you just imported in for either the Virtual Service or Real Server, or both.
• Click update and test.
• If all works as expected, you can now open the Virtual Service for use.

All Apps and software updates downloaded are secured through industry-grade encryption and are relevant to the particular ADC whose Machine ID has been provided.

As such, potential threat players cannot deliver compromised Apps to the user for integration into the ADC.

For versions prior to 4.3.x

• Navigate to Library > SSL Certificates
• Scroll down to Import Single Certificate
• NOTE: In all versions prior to 4.3.x, the EdgeADC only supports PFX import.
• Provide a name for the certificate – this is only for use in the ADC for selection and listing.
• Click Browse and locate the PFX file.
• Provide the password for the PFX certificate.
• Click Import.
• The certificate will be imported and stored in the ADC.

For versions after 4.3.x

• Navigate to Library > SSL Certificates.
• Click on the Import button.
• This will bring up a form similar to the one shown in the image above.
• NOTE: Certificate formats supported are now: .CER, .PFX, .PEM and .DER.
• Click browse, and locate the certificate file.
• In the case of a PFX file, provide the certificate password.
• You can also provide a Secret Key file should it be needed.
• Click the Import button.
• The certificate will be imported and stored in the ADC.

Navigate to Library > SSL Certificates and you will see the SSL Manager.

Version below 4.3

In versions prior to 4.3.x the ability to create a CSR or self-signed certificate looked something like the image below:

Follow the simple steps to create your own self-signed SSL certificate:

1. Fill in the details in the form.
2. Remember that CSRs do not have a Period of validity
3. Click Create Local Certificate or Create Certificate request.
4. A The appropriate certificate or CSR will be created and be available in the certificate store, or for download.
5. You can put it to use immediately.

Version 4.3 and above

In versions and later, the SSL management has been much improved. For the best information read the appropriate administrator guide.

The new SSL Manager looks something like the image below.

Creation of a self-signed SSL is almost the same.

• Click the Create Request button
• The form for the Self-Signed Certificate/CSR is displayed in the lower panel.

• Fill out the form and click Create Certificate or Create CSR.
• As in the earlier versions, the CSR or Certificate is created.

Imagine a traffic dispatcher with a multilingual megaphone. Clients (cars) shout their destination (website) when they arrive. The dispatcher (load balancer) listens for a hidden code (SNI) whispered within that shout. Based on this code, the dispatcher directs each car (client) to the correct lane (web server) with the matching sign (certificate), ensuring a smooth, secure journey.

In the example above:

1. The Client initiates an HTTPS connection to a domain name, like “test.com”.
2. The Load Balancer receives the request and examines the SNI header. This header contains the hostname (take crm in our diagram) the client is trying to reach.
3. Based on the hostname in the SNI header, the load balancer selects the corresponding server certificate. It has certificates for multiple web servers behind it (Server 1, Server 2, etc.).
4. The load balancer then forwards the request to the appropriate server. The server presents the client with the matching certificate to establish a secure connection.

See an example setting below:

NOTE: The Service Type should be set to Layer 7.

There are two SSL settings available within the tab.

1. Virtual Service SSL Certificate
2. Real Server SSL Certificate

The Virtual Service SSL Certificate menu allows you to select the certificate that will be used for the Virtual Service. This is a multi-selection menu, allowing you to select multiple SSL certificates for the same Virtual Service.

The Real Server SSL Certificate menu allows you to select the certificate that you want to use for the Real servers. When Re-Encrypting you will need to set the Real Server SSL Certificate to an appropriate value. This could be the same SSL certificate that was selected for the Virtual Service, or it could be something different.

The setting may look something like the one below:

When you use a different certificate for the Virtual Service and Real Servers, it could look like this:

To do this, you need to configure it in the Basic Tab of the Virtual Service. This is located in the Real Servers section.

NOTE: The Service Type should be set to Layer 7.

There are two SSL settings available within the tab.

1. Virtual Service SSL Certificate
2. Real Server SSL Certificate

The Virtual Service SSL Certificate menu allows you to select the certificate that will be used for the Virtual Service. This is a multi-selection menu, allowing you to select multiple SSL certificates for the same Virtual Service.

The Real Server SSL Certificate menu allows you to select the certificate that you want to use for the Real servers. You will note that there is a built-in value of No SSL. This is used when you wish to offload.

The setting may look something like the image below.

Setting the Real Server SSL Certificate menu to No SSL will enable SSL Offload.