11-15
User
Guide

for

the

Cisco

Application

Networking

Manager

5.2
OL-26572-01
Chapter
11






Configuring

SSL
Exporting
SSL

Certificates


Click
Next
t

o
deploy
your

entries

and

to
define
another
RSA
key
pair.
After
generating

an

RSA

key

pair,

you

can

do

the

following:


Create
a

CSR

parameter
set.
The

CSR

parameter
set
defines

the

distinguished

name
attributes

for
the
ACE

to

use

during

the

CSR-generating

process.

For

details

on

defining

a

CSR

parameter

set,

see
the
“Configuring

SSL

CSR

Parameters”

section

on

pa

ge

11-24 .


Generate
a

CSR

for
the
RSA

key

pair

file

and

transfer

the
CSR

request

to

the

certificate

authority
for
signing.

This

provides

an

added

layer

of

security

because

the

RSA

private

key

originates

directly
within
the

ACE

and

does

not


have

to

be

transported

externally.

Each

generated

key

pair

must

be
accompanied
by

a

corresponding

certificate

to

work.

For

details

on

generating

a

CSR,

see

the
“Generating
CSRs”

section

on

page

11-26 .
Related
Topics


Configuring
SSL,

page
11-1


Importing
SSL

Certificates,

page
11-7


Importing
SSL

Key

Pairs,

page
11-11


Configuring
SSL

Chain

Group

Parameters,

page
11-23


Configuring
SSL

CSR

Parameters,
page
11-24


Configuring
SSL

Proxy

Service,

page
11-27
Exporting
SSL

Certificates
You
can

export

SSL

certificates

from

the

ACE

to

a

remote

server.

The

ability

to

export

SSL

certificates
allows
you

copy

signed

certificates

to

another

server

on

your

network

so

that

you

can

then

import

them
onto
another

ACE

or

Web

server.

Exporting

certificates

is

similar

to

copying

in

that

the

original
certificates
are

not

deleted.
Assumption
The
SSL

certificate

can

be

exported

(see

the

“Importing

SSL

Certificates”

section

on

pa

ge

11-7 ).
Note
You
can

export

an

SSL

certificate

in

Building

Blocks

(Config
>
Global
>
All

Building

Blocks);
SSL
certificate

export

is

available

only

in

virtual

context

configuration.
Procedure
Step
1
To
configure

a

virtual

context,

choose
Config
>

Devices

>

context

>

SSL

>

Certificates.
The
Certificates

table

appears,

listing

any

valid

SSL

certificates.
The
cisco-sample-cert

certificate

is

included

in

the

list

only

for

the

ACE

module

A2(3.0),

ACE

appliance
4(1.0),
and

later

releases

of

either

device

type.

For

information

about

this

sample

certificate,

see

the
“Using
SSL

Certificates”

section

on

pa

ge

11-5 .
Step
2
In
the

Certificates

table,

choose

the

certificate

you
want
to

export,

and

click
Export.
The
Export

dialog

box

appears.