Mitigating SSL Attacks Without Private Keys

While most clients trust Nexusguard to look after private keys, some due to regulatory requirements or internal security policies—prefer not to turn over their private key to a third-party vendor.

To address their concern, Nexusguard can make use of separate key pairs to examine SSL-encrypted traffic—one each for the Visitor-to-Nexusguard and Nexusguard-to-Server sessions. The original pair, including the site owner’s private key, is only used in the Nexusguard-to-Server session, so the site owner retains control of the private key.