11-23
User
Guide

for

the

Cisco

Application

Networking

Manager

5.2
OL-26572-01
Chapter
11






Configuring

SSL
Configuring
SSL

Chain

Group

Parameters
Configuring
SSL

Chain

Group

Parameters
You
can

configure

certificate

chain

groups

for

a

vi

rtual

context.

A

chain

group

specifies

the

certificate
chains
that

the

ACE

sends

to

its

peer

during

the

handshake

process.

A

certificate

chain

is

a

hierarchal
list
of

certificates

that

includes

the

ACE’s

certificate,

the

root

certificate

authority

certificate,

and

any
intermediate
certificate

authority

certificates.

Using

the

information

provided

in

a

certificate

chain,

the
certificate
verifier

searches

for

a

trusted

authority

in

the

certificate

hierarchal

list

up

to

and

including

the
root
certificate

authority.

If

the

verifier

finds

a

trusted

authority

before

reaching

the

root

certificate
authority
certificate,

it


stops

searching

fur

ther.
Assumption
At
least

one

SSL

certificate

is

available.
Procedure
Step
1
Choose
Config
>

Devices

>

context

>

SSL

>

Chain

Group

Parameters.
The
Chain

Group

Parameters

table

appears.
Step
2
In
the

Chain

Group

Parameters

table,
click
Add
to

add

a

new

chain

group,

or

choose

an

existing

chain
group,
and

click

Edit

to

modify

it.
The
Chain

Group

Parameters

configuration

window

appears.
Step
3
In
the

Name

field

of

the
Chain
Group

Parameters

configuration

window,

enter

a

unique

name

for

the
chain
group.
Valid
entries

ar

e

al

phanumeric

strings

with

a

maximum

of

64

ch

aracters.
Step
4
Do
one

of

the

following:


Click
Deploy
Now

to

deploy
this
configuration

on

t

he
ACE

and

save

your

entries

t

o

the
running-configuration
and

startup-configuration

files.

The

updated

Chain

Group

Parameters
window
appears

along

with

the

Chain

Group

Certificates

table.

Continue

with

Step

5 .


Click
Cancel
t

o
exit
the
procedure
without
saving

your

entries
and
t

o
return
t

o
the
Chain

Group
Parameters
table.


Click
Next
t

o
deploy
your

entries

and

to
add
another

entry

t

o
the
Chain

Group

Parameters
table.
Step
5
In
the

Chain

Group
Certificates
table,

click
Add
to

add

an

entry.
The
Chain

Group

Certificates

configuration

window

appears.
Note
You
cannot
modify

an

existing

entry
in
the
Chain
Group

Certificates

table.

Instead,

delete

the
entry,
then

add

a

new

one.
Step
6
In
the

Certificate

Name

field,

choose

the

certificate

to

add
to
this

chain

group.
Step
7
Do
one

of

the

following:


Click
Deploy
Now

to

deploy
this

configuration

on

t

he
ACE
and

save

your

entries

t

o

the
running-configuration
and

startup-configuration

files.