User Guide for the Cisco Application Networking Manager 5.2 (OL-26572-01), page 11-3
Chapter 11: Configuring SSL, Summary of SSL Configuration Tasks

- Your policy map is configured to define the SSL session parameters and client/server authentication tools, such as the certificate and RSA key pair.
- Your class map is associated with the policy map to define the virtual SSL server IP address that the destination IP address of the inbound traffic must match.
- You must import a digital certificate and its corresponding public and private key pair to the desired ACE context.
- At least one SSL certificate is available.

If you do not have a certificate and corresponding key pair, you can generate an RSA key pair and a certificate signing request (CSR). Create a CSR when you need to apply for a certificate from a certificate authority (CA). The CA signs the CSR and returns the authorized digital certificate to you.

Note: You cannot generate a CSR in Building Blocks (Config > Global > All Building Blocks); SSL CSR generation is available only in virtual context configuration.

Summary of SSL Configuration Tasks

Table 11-1 describes the tasks for using SSL keys and certificates.

Table 11-1 SSL Key and Certificate Procedure Overview

| Task | Description |
|------|-------------|
| Create an SSL parameter map. | Create an SSL parameter map to specify the options that apply to SSL sessions such as the method to be used to close SSL connections, the cipher suite, and version of SSL or TLS. See the “Configuring SSL Parameter Maps” section on page 11-18. |
| Create an SSL key pair file. | Create an SSL RSA key pair file to generate a CSR, create a digital signature, and encrypt packet data during the SSL handshake with an SSL peer. See the “Generating SSL Key Pairs” section on page 11-14. |
| Configure CSR parameters. | Set CSR parameters to define the distinguished name attributes of a CSR. See the “Configuring SSL CSR Parameters” section on page 11-24. |
| Create a CSR. | Create a CSR to submit with the key pair file when you apply for an SSL certificate. See the “Generating CSRs” section on page 11-26. |
| Copy and paste the CSR into the Certificate Authority (CA) web-based application or email the CSR to the CA. | Using the SSL key pair and CSR, apply for an approved certificate from a Certificate Authority. Use the method specified by the CA for submitting your request. |
| Save the approved certificate from the CA in its received format on an FTP, SFTP, or TFTP server. | When you receive the approved certificate, save it in the format in which it was received on a network server accessible via FTP, SFTP, or TFTP. |
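
The tasks above end with a certificate that must correspond to the key pair it is imported with. The following is an added example, not part of the Cisco guide: it uses the OpenSSL command line on an administrator workstation to confirm that a key pair file, the CSR built from it, and the certificate returned by the CA all carry the same public key. The file names, the 2048-bit key size, and the distinguished name values are constructed assumptions.

```shell
#!/bin/sh
# Added example (not from the guide): pre-import consistency check for a
# key pair, its CSR, and the certificate returned by the CA.

# Print the PEM public key carried by each kind of file.
pub_of_key()  { openssl pkey -in "$1" -pubout 2>/dev/null; }
pub_of_csr()  { openssl req  -in "$1" -noout -pubkey 2>/dev/null; }
pub_of_cert() { openssl x509 -in "$1" -noout -pubkey 2>/dev/null; }

# Usage: check_import_set KEY.pem REQUEST.csr CERT.pem
# Returns 0 if all three share one public key, 1 on a mismatch,
# 2 if a file cannot be parsed.
check_import_set() {
    k=$(pub_of_key "$1")  || return 2
    r=$(pub_of_csr "$2")  || return 2
    c=$(pub_of_cert "$3") || return 2
    [ -n "$k" ] || return 2
    [ "$k" = "$r" ] || { echo "CSR was not built from this key" >&2; return 1; }
    [ "$k" = "$c" ] || { echo "certificate does not match this key" >&2; return 1; }
    return 0
}

# Build constructed sample material in directory $1 so the check can be
# tried offline. The self-signed certificate stands in for the one a CA
# would return; other.key is an unrelated key for the mismatch case.
make_sample() {
    d=$1
    openssl genrsa -out "$d/site.key" 2048 2>/dev/null
    openssl req -new -key "$d/site.key" -out "$d/site.csr" \
        -subj "/C=US/ST=California/O=ExampleCorp/OU=Web/CN=www.example.com" \
        2>/dev/null
    openssl x509 -req -in "$d/site.csr" -signkey "$d/site.key" -days 1 \
        -out "$d/site.crt" 2>/dev/null
    openssl genrsa -out "$d/other.key" 2048 2>/dev/null
}
```

Run `check_import_set` against the files staged on the FTP, SFTP, or TFTP server before importing them; a nonzero status means the set should not be imported as a pair.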