11-32
User
Guide

for

the

Cisco

Application

Networking

Manager

5.2
OL-26572-01
Chapter
11






Configuring

SSL
Enabling
Client

Authentication
Step
2
In
the

Auth

Group
Parameters
table,
click
Add

t

o
add
an
authentication

group,

or


choose

an
existing
authorization
group

and

click

Edit

to

modify

it.
The
Auth

Group

Parameters

configuration

window

appears.
Step
3
In
the

Name

field

of

the
Auth
Group

Parameters

configuration

window,

enter

a

unique
name
for

the
authorization
group.
Valid
entries

ar

e

al

phanumeric

strings

with

a

maximum

of

64

ch

aracters.
Step
4
Do
one

of

the

following:


Click
Deploy
Now

to

deploy
this
configuration

on

t

he
ACE

and

save

your

entries

t

o

the
running-configuration
and

startup-configuration

files.

The

updated

Auth

Group

Parameters

window
appears
along

with

the

Auth

Group

Certificates

table.

Continue

with

Step

5 .


Click
Cancel
t

o
exit
the
procedure
without
saving

your

entries
and
t

o
return
t

o
the
Auth
Group
Parameters
table.


Click
Next
t

o
deploy
your

entries

and

to
add
another

entry

t

o
the
Auth
Group
Parameters

table.
Step
5
In
the

Auth

Group
Certificate
field,
click
Add
to

add

an

entry.
The
Auth

Group

Certificates

configuration

window

appears.
Note
You
cannot
modify

an

existing

entry
in
the
Auth
Group

Certificates

table.

Instead,

delete

the
entry,
then

add

a

new

one.
Step
6
In
the

Certificate

Name

field,

choose

the

certificate

to

add
to
this

authorization
group.
Step
7
Do
one

of

the

following:


Click
Deploy
Now

to

deploy
this

configuration

on

t

he
ACE
and

save

your

entries

t

o

the
running-configuration
and

startup-configuration

files.


Click
Cancel
t

o
exit
the
procedure
without
saving

your

entries
and
t

o
return
t

o
the
Auth
Group
Parameters
table.


Click
Next
t

o
deploy
your

entries

and

to
add
another

entry

t

o
the
Auth
Group
Parameters

table.
Step
8
You
can

repeat

the

previous
step
to
add
more
certificates

to

the

authorization

group
or
click
Deploy
Now.
Step
9
After
you

configure

authorization

group

parameters,

you

can

configure

the

SSL

proxy

service
to
use

a
CRL.
See

the

“Configuring

CRLs

for

Client

Authentication”

section

on

pa

ge

11-33 .
Note
When
you

enable
client
authentication,

a

significant

performance

decrease

may

occur.

Additional
latency
may

occur

when

you

c

onfigure

CRL

retrieval.
Related
Topics


Configuring
SSL

Chain

Group

Parameters,

page
11-23


Configuring
CRLs

for

Client

Authentication,

page
11-33