11-27
User
Guide

for

the

Cisco

Application

Networking

Manager

5.2
OL-26572-01
Chapter
11






Configuring

SSL
Configuring
SSL

Proxy

Service
Configuring
SSL

Proxy

Service
You
can

configure

an

SSL

proxy

service

that

defines

the

SSL

parameter

map,

key

pair,

certificate,

and
chain
group

the

ACE

uses

during

SSL

handshakes.

By

configuring

an

SSL

proxy

server

service

on

t

he
ACE,
the

ACE

can

act

as

an

SSL

server.
Assumption
You
have

configured

at

least

one

SSL

key

pair,

certificate,

chain

group,

or

parameter

map

to

apply

to

this
proxy
service.
Procedure
Step
1
Choose
Config
>

Devices

>

context

>

SSL

>

Proxy

Service.
The
Proxy

Service

table

appears.
Step
2
In
the

Proxy

Service

table,

click
Add
to

add

a

new

proxy

service,

or

choose

an

existing
service
and
click
Edit
to

modify

it.
The
Proxy

Ser

vice

configuration

window

appears.
Step
3
In
the

Proxy

Service

configuration

window,

enter

the
information
in
Ta
b

l

e
11-13
.
Ta
b

l

e


11-13
SSL
Proxy

Service

Attributes
Field
Description
Proxy
Service

Name
Unique
name

for

this

proxy

service.

Valid

entries

are

alphanumeric

strings

with

a

maximum

of

40
to
65

characters,

depending

on

your

ACE

and

hardware

version.
Keys
Key
pair

that

the

ACE

is

to

use

dur

ing

the

SSL

ha

ndshake

for

data

encryption.
Caution
When
choosing

the

key

pair

from

the

drop-down

list,

be

sure

to

choose

the

keys

that
correspond
to

the

certificate

that

you

choose.
Note
If
you

use
SSL
Setup

Sequence

to

create

the

proxy
service,

ANM

selects

the

keys

that
correspond
t

o

the

certificate

t

hat

you

choose.

If

ANM

cannot

detect

a

co

rresponding

key
pair,
you

can

select

a

key

pair

from

the

drop-down

list

and

click

Verify

Key

to

have

ANM
verify
that

the

keys

correspond

to

the

selected

certificate.

ANM

displays

a

message

to

let
you
know

that

your

key

pair

selection

either

matches

or

does

not

match

the

selected
certificate.
For

more

information

about

SSL

Setup

Sequence,

see

the

“SSL

Setup
Sequence”
section

on

page

11-4 .
The
cisco-sample-key

option

is

available

for

the

ACE

module

A2(3.0)

and

later

releases

only.

For
information
about

this

sample

key

pair,

see

the

“Using

SSL

Certificates”

section

on

page

11-5 .