13-32 User Guide for the Cisco Application Networking Manager 5.2 OL-26572-01
Chapter 13 Configuring High Availability

Synchronizing SSL Certificate and Key Pairs on Both ACE Peers

You can reconcile the SSL certificates and key pairs. When SSL certificate/key import is attempted on a peer that is configured in HA, ANM detects the HA state and also imports the same certificate/key into the other HA peer. In addition, when you are configuring two peers in HA from ANM, a warning message appears asking you to perform certificate/key reconciliation and offers the appropriate window enabling you to do this.

Guidelines and Restrictions

The certificate/key reconciliation feature is available from the Admin context only; however, executing this feature from the Admin context also reconciles the SSL certificates and key pairs on all the virtual contexts associated with the ACE peers.

Procedure

Step 1  Choose Config > Devices > admin_context > High Availability (HA) > Setup.

The HA Management window appears at the top of the content area and the HA Groups table appears at the bottom.

Step 2  In the HA Groups table, choose the group for which you want to reconcile the SSL certificates and key pairs on the two HA pairs after a switchover occurs, and click SSL Certificate/Key Reconcile.

The SSL Certificate/Key Reconciliation popup window appears. Information appears in this popup window for the primary ACE and the peer ACE as described in Table 13-5.

Table 13-5 SSL Certificate/Key Reconciliation Popup Window Attributes

| Field | Description |
|---|---|
| This Device | IP address for the fault-tolerant VLAN. |
| Peer Device | Fault-tolerant VLAN to be used for this high availability pair. Valid entries are from 1 to 4094. Note: This VLAN cannot be used for other network traffic. |
| Context Name | Unique name for the virtual context |
| Matched State | Feature that indicates a match between the SSL certificates and key pairs on the active ACE and the standby ACE peer. |
| Not Matched State | Feature that indicates that there is not a match between the SSL certificates and key pairs on the active ACE and the standby ACE peer. |
| SSL Certificates/Keys On Both HA Peers | |
| File Type | Format of the file: PEM, DER, or PKCS12. |
| Name | Name of the file that contains the certificate or key pair. |
| Exportable | Field that indicates whether or not you can export the file from the ACE. Choices are as follows: Yes—You can export the file to an FTP, SFTP, or TFTP server (see Chapter 11, “Configuring SSL”). No—You cannot export the file as it is protected. |
| Matched | Field that indicates that the SSL certificate and key pair is a match on the peer ACE. |
| Available On | Field that identifies the ACE devices that contain the SSL certificate and key pair. |
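
An independent cross-check of the Matched / Not Matched result described above, as an added example that is not part of the Cisco guide and uses no ANM or ACE API: it compares per-context file inventories collected from each peer by file name, file type and SHA-256 digest. The inventory layout, the sample data, the "Unverified" state and all function names are assumptions of this example; the guide does not say how ANM itself decides a match.

```python
import hashlib

def fp(content: bytes) -> str:
    """SHA-256 hex digest of an exported file's bytes."""
    return hashlib.sha256(content).hexdigest()

# Constructed sample inventories (layout is this example's assumption):
# {context name: {file name: (file type, digest or None)}}
# None = file exists but its content could not be exported for hashing.
THIS_DEVICE = {
    "Admin": {"web.pem": ("PEM", fp(b"cert-A")), "web.key": ("PEM", None)},
    "ctx1": {"shop.p12": ("PKCS12", fp(b"bundle-new"))},
}
PEER_DEVICE = {
    "Admin": {"web.pem": ("PEM", fp(b"cert-A")), "web.key": ("PEM", None)},
    "ctx1": {"shop.p12": ("PKCS12", fp(b"bundle-old"))},
    "ctx2": {"api.der": ("DER", fp(b"cert-B"))},
}

def compare_file(a, b):
    """Classify one file name given its entry on each peer (None = absent)."""
    if a is None or b is None:
        return "missing"
    if a[1] is None or b[1] is None:
        return "name-only"  # present on both, content not comparable
    return "matched" if a == b else "mismatch"

def reconcile_report(this_dev, peer_dev):
    """Per-context state plus per-file result and where each file exists."""
    report = {}
    for ctx in sorted(set(this_dev) | set(peer_dev)):
        a, b = this_dev.get(ctx, {}), peer_dev.get(ctx, {})
        files = {}
        for name in sorted(set(a) | set(b)):
            on = [d for d, inv in (("this", a), ("peer", b)) if name in inv]
            files[name] = {"result": compare_file(a.get(name), b.get(name)),
                           "available_on": on}
        results = {f["result"] for f in files.values()}
        if results & {"missing", "mismatch"}:
            state = "Not Matched"
        else:
            state = "Unverified" if "name-only" in results else "Matched"
        report[ctx] = {"state": state, "files": files}
    return report

if __name__ == "__main__":
    for ctx, entry in reconcile_report(THIS_DEVICE, PEER_DEVICE).items():
        print(ctx, entry["state"], entry["files"])
```

A context that exists on only one peer, such as ctx2 in the sample data, is reported as Not Matched with every file marked missing, which is the case most likely to surface as a certificate error after a switchover.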