11-20
User Guide for the Cisco Application Networking Manager 5.2
OL-26572-01
Chapter 11 Configuring SSL
Configuring SSL Parameter Maps

Step 4  Click the Parameter Map Cipher tab and click Add to add a cipher, or choose an existing cipher and click Edit. Enter the information in Table 11-10.

Table 11-9 SSL Parameter Map Attributes (continued)

Field: Ignore Authentication Failure

Description: Option that enables the ACE to ignore expired or invalid SSL certificates and continue setting up the connection as follows:

- ACE module versions 3.0(0)A2(1.1) forward and ACE appliance version A3(1.0) only—If checked, this feature enables the ACE to ignore expired or invalid server certificates and to continue setting up the back-end connection in an SSL initiation configuration. This option allows the ACE to ignore the following nonfatal errors with respect to server certificates:
  - Certificate not yet valid
  - Certificate has expired
  - Certificate revoked
  - Unknown issuer
- ACE module version A2(3.0) and later only—If checked, this feature enables the ACE to ignore expired or invalid client or server certificates and to continue setting up the SSL connection. This option allows the ACE to ignore the following nonfatal errors with respect to either client certificates for SSL termination configurations, or server certificates for SSL initiation configurations:
  - Certificate not yet valid (both)
  - Certificate has expired (both)
  - Certificate revoked (both)
  - Unknown issuer (both)
  - No client certificate (client certificate only)
  - CRL not available (client certificate only)
  - CRL has expired (client certificate only)
  - Certificate has signature failure (client certificate only)
  - Certificate other error (client certificate only)

Table 11-10 SSL Parameter Map Cipher Configuration Attributes

Field: Cipher Name

Description: Cipher to use. For more information on the SSL cipher suites that ACE supports, see the Cisco 4700 Series Application Control Engine Appliance SSL Configuration Guide or the Cisco Application Control Engine Module SSL Configuration Guide.

Field: Cipher Priority

Description: Priority that you want to assign to this cipher suite. The priority indicates the cipher’s preference for use. Valid entries are from 1 to 10 with 1 indicating the least preferred and 10 indicating the most preferred. When determining which cipher suite to use, the ACE chooses the cipher suite with the highest priority.
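
The following Python sketch is an added example, not code from the Cisco guide. It models the Cipher Name and Cipher Priority fields of Table 11-10 to show how a misassigned priority makes a weak suite win the selection. Assumptions: selection is limited to suites the peer also offers, ties keep the first-listed entry, and the suite names, priorities and `WEAK_MARKERS` list are constructed for illustration.

```python
from dataclasses import dataclass

# Assumption (not from the guide): name fragments this audit treats as weak.
WEAK_MARKERS = ("EXPORT", "NULL", "RC4", "MD5", "_DES_")

@dataclass(frozen=True)
class CipherEntry:
    name: str      # "Cipher Name" field
    priority: int  # "Cipher Priority" field: 1 = least, 10 = most preferred

def is_weak(name):
    return any(marker in name for marker in WEAK_MARKERS)

def validate(entries):
    """Report priorities outside the 1-10 range the form accepts."""
    return [f"{e.name}: priority {e.priority} is outside 1-10"
            for e in entries if not 1 <= e.priority <= 10]

def choose(entries, peer_offer):
    """Return the highest-priority configured suite that the peer also offers."""
    offered = set(peer_offer)
    common = [e for e in entries if e.name in offered]
    # Ties are not covered by the guide; max() keeps the first-listed entry.
    return max(common, key=lambda e: e.priority) if common else None

def audit(entries, peer_offer):
    """Return (selected entry, findings) for one simulated handshake."""
    findings = validate(entries)
    picked = choose(entries, peer_offer)
    if picked and is_weak(picked.name):
        better = [e.name for e in entries
                  if e.name in peer_offer and not is_weak(e.name)]
        if better:
            findings.append(f"{picked.name} (priority {picked.priority}) "
                            f"outranks stronger common suites: {better}")
    return picked, findings

# Constructed sample data: suite names and priorities are illustrative only.
MISORDERED = [CipherEntry("RSA_WITH_RC4_128_MD5", 10),
              CipherEntry("RSA_WITH_AES_128_CBC_SHA", 5),
              CipherEntry("RSA_WITH_AES_256_CBC_SHA", 4)]
CORRECTED = [CipherEntry("RSA_WITH_AES_256_CBC_SHA", 10),
             CipherEntry("RSA_WITH_AES_128_CBC_SHA", 9),
             CipherEntry("RSA_WITH_RC4_128_MD5", 1)]
PEER_OFFER = ["RSA_WITH_RC4_128_MD5", "RSA_WITH_AES_128_CBC_SHA",
              "RSA_WITH_AES_256_CBC_SHA"]
for label, pmap in (("misordered", MISORDERED), ("corrected", CORRECTED)):
    picked, findings = audit(pmap, PEER_OFFER)
    print(label, "->", picked.name, findings)
```

Lowering a weak suite's priority only reorders the selection: in this model a peer that offers nothing else still negotiates it, so a suite that must never be used has to be left out of the parameter map.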