11-11
User Guide for the Cisco Application Networking Manager 5.2
OL-26572-01
Chapter 11 Configuring SSL
Using SSL Keys

Importing SSL Key Pairs

You can import an SSL key pair file from a network server to an ACE, which can support the following number of certificates and key pairs depending on the installed software version:

• ACE Module:
  – A2(3.x) and earlier—3800 certificates and 3800 key pairs
  – A4(1.0)—4096 certificates and 4096 key pairs
• ACE Appliance:
  – A3(1.x) and earlier—3800 certificates and 3800 key pairs
  – A3(2.x) and later (including A4(1.0))—4096 certificates and 4096 key pairs

Assumptions

This topic assumes the following:

• You have configured the ACE for server load balancing. (See the “Information About Load Balancing” section on page 7-1.)
• You have obtained an SSL key pair from a certificate authority (CA) and have placed the pair on a network server accessible by the ACE.

Procedure

Step 1 Choose the item to configure:
  • To configure a virtual context, choose Config > Devices > context > SSL > Keys.
  • To configure a building block, choose Config > Global > building_block > SSL > Keys.
  The Keys table appears, listing existing SSL keys.
  For the ACE module A2(3.0), ACE appliance A4(1.0), and later releases of either device type, the cisco-sample-key key pair is included in the list. For information on this sample key pair, see the “Using SSL Certificates” section on page 11-5.

Step 2 Do one of the following:
  • To import a single SSL key pair, in the Keys table, click Import. The Import dialog box appears.
  • To import multiple SSL key pairs, click Bulk Import. The Bulk Import dialog box appears.

  Note: The SSL bulk import feature is available only for ACE module A2(2.0), ACE appliance A4(1.0), and later releases of either device type. If you attempt to use the bulk import feature with an ACE that is running an earlier software version, ANM displays an invalid command detected error message and does not deploy the bulk import configuration for the ACE.

  Note: SSL bulk import can take longer based on the number of SSL keys being imported. It will progress to completion on the ACE. To see the imported keys in ANM, perform a CLI Sync for this context once the SSL bulk import has completed. For information on synchronizing contexts, see the “Synchronizing Virtual Context Configurations” section on page 6-105.

Step 3 Enter the applicable information as follows: