11-29
User
Guide

for

the

Cisco

Application

Networking

Manager

5.2
OL-26572-01
Chapter
11






Configuring

SSL
Configuring
SSL

OCSP

Service
Step
4
Do
one

of

the

following:


Click
Deploy
Now

to

deploy
this

configuration

on

t

he
ACE
and

save

your

entries

t

o

the
running-configuration
and

startup-configuration

files.


Click
Cancel
to
exit

this

procedure

without
saving
your

entries

and

to

return

to

the
Proxy
Service
table.


Click
Next
t

o
deploy
your

entries

and

to
add
another

pr

oxy

service.


Click
Delete
to
remove
this

configuration

on

the

ACE.
Note
When
an

authorization

group
is
deleted,

the

CRL

Name
object
(if

it

exists)

is

deleted
automatically.
Related
Topics


Configuring
SSL,

page
11-1


Importing
SSL

Certificates,

page
11-7


Importing
SSL

Key

Pairs,

page
11-11


Configuring
SSL

Parameter

Maps,
page
11-18


Configuring
SSL

Chain

Group

Parameters,

page
11-23


Configuring
SSL

CSR

Parameters,
page
11-24
Configuring
SSL

OCSP

Service
Note
The
SSL

Online

Certificate

Status

Protocol

feature

requires

ACE

module

and

ACE

appliance

software
Version
A5(1.0)

or

later.
SSL
Online

Certificate

Status

Protocol

(OCSP)

service

defines

the

host

server

for

certificate

revocation
checks
using

OCSP.

The

OCSP

server,

also

known

as

the

OCSP

responder,

maintains

or

obtains

the
information
about

t

he

certificates

issued

by

di

fferent

CAs

that

ar

e

revoked

and

possibly

non-revoked,
Parameter

Maps
SSL
parameter

map

to

associate

with

this

SSL

proxy

server

service.
Revocation
Check
Priority
Order
Field
that

displays

for

ACE

module

or

appliance

software

Version

A5(1.0)

or

later.

Priority

setting
for
the

revocation

check.

Choose

one

of

the

following:


N/A—Indicates
that

this

field

is

not
applicable.


CRL-OCSP—The
ACE

uses
the
CRLs
first
to
determine

the

revocation

status,

and
then
the
OCSP
servers.


OCSP-CRL—The
ACE

uses
the
OCSP

servers

first

to

determine
the
revocation

status,
and
then
the

CRLs.
Table
11-13
SSL
Proxy

Service

Attributes

(continued)
Field
Description