User Guide for the Cisco Application Networking Manager 5.2, OL-26572-01, page 11-18
Chapter 11 Configuring SSL
Configuring SSL Parameter Maps

• Importing SSL Key Pairs, page 11-11
• Generating SSL Key Pairs, page 11-14
• Configuring SSL Chain Group Parameters, page 11-23
• Configuring SSL CSR Parameters, page 11-24
• Configuring SSL Proxy Service, page 11-27

Configuring SSL Parameter Maps

You can create SSL parameter maps, which define the SSL session parameters that the ACE applies to an SSL proxy service. SSL parameter maps let you apply the same SSL session parameters to different proxy services.

Procedure

Step 1  Choose the item to configure:
        • To configure a virtual context, choose Config > Devices > context > SSL > Parameter Map.
        • To configure a building block, choose Config > Global > building_block > SSL > Parameter Map.
        The Parameter Map table appears.

Step 2  In the Parameter Map table, click Add to add a new SSL parameter map, or choose an existing entry to modify and click Edit.
        The Parameter Map configuration window appears.

Step 3  In the Parameter Map configuration window, enter the information in Table 11-9.

Table 11-9 SSL Parameter Map Attributes

| Field | Description |
|---|---|
| Name | Unique name for the parameter map. Valid entries are alphanumeric strings with a maximum of 64 characters. |
| Description | Field that appears for ACE module A2(1.5), ACE appliance A3(2.3), and later releases of either device type. If you attempt to use the Description feature with an ACE that is running an earlier software version, ANM displays an invalid command detected error message and does not deploy the parameter map. Brief description of the parameter map. Enter a text string with a maximum of 240 alphanumeric characters (A–Z, a–z, 0–9). Spaces and special characters are allowed. Double quotes must be entered as matching pairs. |
| Queue Delay Timeout (Milliseconds) | Time (in milliseconds) to wait before emptying the queued data for encryption. Valid entries are 0 to 10000 milliseconds. If disabled (set to 0), the ACE encrypts the data from the server as soon as it arrives and then sends the encrypted data to the client. Note: The Queue Delay Timeout is only applied to data that the SSL module sends to the client. This avoids a potentially long delay in passing a small HTTP GET to the real server. |