Device Manager Guide, Cisco ACE 4700 Series Application Control Engine Appliance
OL-26645-02
Chapter 9 Configuring SSL
Summary of SSL Configuration Steps
Table 9-1 describes the steps for using SSL keys and certificates.
Table 9-1 SSL Key and Certificate Procedure Overview
| Step | Task | Description |
|---|---|---|
| Step 1 | Create an SSL parameter map. | Create an SSL parameter map to specify the options that apply to SSL sessions such as the method to be used to close SSL connections, the cipher suite, and version of SSL or TLS. See Configuring SSL Parameter Maps, page 9-19. |
| Step 2 | Create an SSL key pair file. | Create an SSL RSA key pair file to generate a CSR, create a digital signature, and encrypt packet data during the SSL handshake with an SSL peer. See Generating SSL Key Pairs, page 9-15. |
| Step 3 | Configure CSR parameters. | Set CSR parameters to define the distinguished name attributes of a CSR. See Configuring SSL CSR Parameters, page 9-26. |
| Step 4 | Create a CSR. | Create a CSR to submit with the key pair file when you apply for an SSL certificate. See Generating CSRs, page 9-27. |
| Step 5 | Copy and paste the CSR into the Certificate Authority (CA) Web-based application or e-mail the CSR to the CA. | Using the SSL key pair and CSR, apply for an approved certificate from a Certificate Authority. Use the method specified by the CA for submitting your request. |
| Step 6 | Save the approved certificate from the CA in its received format on an FTP, SFTP, or TFTP server. | When you receive the approved certificate, save it in the format in which it was received on a network server accessible via FTP, SFTP, or TFTP. |
| Step 7 | Import the approved certificate and key pair into the desired virtual context. | Import the approved certificate and the associated SSL key pair into the appropriate context using ACE Appliance Device Manager. See the following topics: Importing SSL Certificates, page 9-8; Importing SSL Key Pairs, page 9-12. |
| Step 8 | Confirm that the public key in the key pair file matches the public key in the certificate file. | Examine the contents of the files to confirm that the key pair information is the same in both the key pair file and the certificate file. |
| Step 9 | Configure the virtual context for SSL. | See Configuring Traffic Policies, page 12-1. |
| Step 10 | Configure auth group. | Create a group of certificates that are trusted as certificate signers by creating an authentication group. See Configuring SSL Authentication Groups, page 9-32. |
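The Step 8 check can also be run with OpenSSL on the workstation that holds the files, before they are imported. The script below is an added example, not part of the Cisco guide or the Device Manager; it assumes unencrypted PEM files, and the function names, file names and sample keys are constructed for illustration.

```shell
#!/bin/sh
# Added example: confirm that a certificate carries the public key that
# belongs to a given private key file (Step 8), using the OpenSSL CLI.
# Assumes unencrypted PEM input; all names below are hypothetical.

# spki_digest key|cert FILE
# Prints the SHA-256 of the DER-encoded public key taken from FILE.
# Returns 2 if FILE cannot be read or parsed, so that two unreadable
# inputs can never compare as equal.
spki_digest() {
    case "$1" in
        key)  pem=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2 ;;
        cert) pem=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 2 ;;
        *)    return 2 ;;
    esac
    [ -n "$pem" ] || return 2
    printf '%s\n' "$pem" | openssl pkey -pubin -outform DER 2>/dev/null |
        openssl dgst -sha256 | awk '{print $NF}'
}

# keypair_matches KEYFILE CERTFILE
# Exit status: 0 = same public key, 1 = different keys, 2 = unreadable input.
keypair_matches() {
    k=$(spki_digest key "$1") || return 2
    c=$(spki_digest cert "$2") || return 2
    [ "$k" = "$c" ]
}

# Constructed sample material: two throwaway RSA keys and a self-signed
# certificate issued for the first key only.
make_samples() {
    openssl genrsa -out "$1/a.key" 2048 2>/dev/null &&
    openssl genrsa -out "$1/b.key" 2048 2>/dev/null &&
    openssl req -new -x509 -key "$1/a.key" -subj "/CN=example.test" \
        -days 1 -out "$1/a.crt" 2>/dev/null
}

tmp=$(mktemp -d) && make_samples "$tmp"
keypair_matches "$tmp/a.key" "$tmp/a.crt" && echo "a.key matches a.crt"
keypair_matches "$tmp/b.key" "$tmp/a.crt" || echo "b.key does not match a.crt"
rm -rf "$tmp"
```

A status of 1 means the certificate was issued for a different key pair than the one about to be imported with it; a status of 2 means a file could not be parsed and nothing was compared.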