11-4 User Guide for the Cisco Application Networking Manager 5.2, OL-26572-01
Chapter 11 Configuring SSL: SSL Setup Sequence

For more information about using SSL with ACE, see the Cisco 4700 Series Application Control Engine Appliance SSL Configuration Guide or Cisco Application Control Engine Module SSL Configuration Guide.

SSL Setup Sequence

The SSL setup sequence provides detailed instructions with illustrations for configuring SSL on ACE devices from ANM (Figure 11-2). The purpose of this option is to provide a visual guide for performing typical SSL operations, such as SSL CSR generation, SSL proxy creation, and so on. This option does not replace any existing SSL functions or configuration windows already present in ANM. It is only intended as an additional guide for anyone unfamiliar with or unclear about the SSL operations that need to be performed on the ACE device. From the SSL setup sequence, you can configure all SSL operations, without duplicating the edit/delete/table/view operations that the other SSL configuration windows provide.

The tools and operations involved in typical SSL operations are as follows:

- SSL Import/Create Keys
- SSL Import Certificates
- SSL CSR generation
- SSL proxy creation

Note: The SSL Setup Sequence in ANM uses the terms SSL Policies and SSL Proxy Service interchangeably.

Table 11-1 SSL Key and Certificate Procedure Overview (continued)

| Task | Description |
|------|-------------|
| Import the approved certificate and key pair into the desired virtual context. | Import the approved certificate and the associated SSL key pair into the appropriate context using ANM. For more information, see the following sections: “Importing SSL Certificates” section on page 11-7; “Importing SSL Key Pairs” section on page 11-11. |
| Confirm that the public key in the key pair file matches the public key in the certificate file. | Examine the contents of the files to confirm that the key pair information is the same in both the key pair file and the certificate file. |
| Configure the virtual context for SSL. | See the “Configuring Traffic Policies” section on page 14-1. |
| Configure authorization group. | Create a group of certificates that are trusted as certificate signers by creating an authentication group. See the “Configuring SSL Authentication Groups” section on page 11-31. |
| Configure CRL. | See the “Configuring CRLs for Client Authentication” section on page 11-33. |
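
One way to carry out the "confirm that the public key in the key pair file matches the public key in the certificate file" task from Table 11-1 on a workstation before importing the files. This is an added example, not part of the Cisco guide; it assumes PEM-encoded files and the openssl command, and the function names and generated sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the Cisco guide. Assumes PEM files and the openssl CLI.

# key_matches_cert KEY CERT
# Exit status: 0 = same public key, 1 = different keys, 2 = a file could not be parsed.
# The body runs in a subshell, so its variables do not leak into the caller.
key_matches_cert() (
    # Derive the public key from the private key (works for RSA and EC keys).
    key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || exit 2
    # Extract the public key embedded in the certificate.
    cert_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || exit 2
    # Two unparsable (empty) results must never be reported as a match.
    [ -n "$key_pub" ] || exit 2
    [ "$key_pub" = "$cert_pub" ]
)

# make_samples DIR
# Constructed sample input: a throwaway key with a self-signed certificate
# (site.key / site.crt) and an unrelated second key (other.key).
make_samples() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=example.test" \
        -keyout "$1/site.key" -out "$1/site.crt" 2>/dev/null
    openssl genrsa -out "$1/other.key" 2048 2>/dev/null
}

# check_pair KEY CERT: print a one-line verdict for an operator.
check_pair() {
    if key_matches_cert "$1" "$2"; then
        echo "MATCH     $1 <-> $2"
    else
        case $? in
            1) echo "MISMATCH  $1 <-> $2 (do not import as a pair)" ;;
            *) echo "ERROR     could not parse $1 or $2" ;;
        esac
    fi
}

demo_dir=$(mktemp -d)
make_samples "$demo_dir"
check_pair "$demo_dir/site.key"    "$demo_dir/site.crt"   # matching pair
check_pair "$demo_dir/other.key"   "$demo_dir/site.crt"   # wrong key for this cert
check_pair "$demo_dir/missing.key" "$demo_dir/site.crt"   # unreadable input
rm -rf "$demo_dir"
```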