11-21
User
Guide

for

the

Cisco

Application

Networking

Manager

5.2
OL-26572-01
Chapter
11






Configuring

SSL
Configuring
SSL

Parameter

Maps
Step
5
In
the
Parameter
Map
Cipher

table,

do

one


of

t

he
following:


Click
Deploy
Now

to

deploy
the
Parameter
Map

Cipher

on

the

ACE

and

save

your

entries

t

o
the
running-configuration
and

startup-configuration

files


Click
Cancel
to
exit

the

procedure
without
saving
your
entries

and

to

return

to

the

Parameter
Map
Cipher
table.


Click
Next
t

o
deploy
your

entries

and

to
add
another

entry

t

o
the
Parameter

Map

Ci

pher

t

able.
Step
6
Click
the
Redirect
Authentication

Failure

tab

and

click
Add
to

add

a

redirect

or

choose

an
existing
redirect,
and

click

Edit.
Note
This
option

is
available
only
for
the

ACE

module

A2(3.0),

ACE

appliance

A4(1.0),
and
later
releases
of

either

device

type.
Enter
the

information

in

Ta

b

l

e


11-11 .
Note
The
Redirect

Authentication

Failure

feature

is

only

for

SSL

termination

configurations

in

which
the
ACE

performs

client

authentication.

The

ACE

ignores

these

attributes

if

you

configure

them
for
an

SSL

initiation

configuration.
Ta
b

l

e


11-11
SSL
Parameter

Map

Redirect

Configuration

Attributes
Field
Description
Client
Certificate
Validation
Type
of

certificate

validation

failure

to
redirect.
From

the

drop-down

list,

choose

the

type

to
redirect:


Any—Associates
any
of
the
certificate

failures

with

the

redirect.

You
can

configure

the
authentication-failure
redirect

any

command

with

individual

reasons

for

redirection.

When

you
do,
the

ACE

attempts

to

match

one

of

the

individual

reasons

before

using

the

any

reason.

You
cannot
configure

the

authentication-failure

redirect

any

command

with

the
authentication-failure
ignore

command.


Cert-expired—Associates
an

expired

certificate

failure
with
a

redirect.


Cert-has-signature-failure—Associates
a
certificate

signature

failure

with

a

redirect.


Cert-not-yet-valid—Associates
a

certificate

that

is

not

yet

valid

failure
with
the

redirect.


Cert-other-error—Associates
a

all

other

certificate

failures

with

a

redirect.


Cert-revoked—Associates
a

revoked

certificate

failure

with

a

redirect.


CRL-has-expired—Associates
an

expired

CRL

failure

with

a

redirect.


CRL-not-available—Associates
a

CRL

that

is

no

t

available
failure
with

a
redirect.


No-client-cert—Associates
no
client
certificate

failure

with

a

redirect.


Unknown-issuer—Associates
an

unknown

issuer

certificate

failure

with

a

redirect.
Redirect
Type
Redirect
t

ype

to

use:


Server
Farm—Specifies

a

redirect

server

farm

for

the

redirect.


URL—Specifies
a

static

URL

path

for

the

redirect.