Installation guide

9-15

Device Manager Guide, Cisco ACE 4700 Series Application Control Engine Appliance

OL-26645-02

Chapter 9 Configuring SSL

Using SSL Keys

• Configuring SSL Chain Group Parameters, page 9-25

• Configuring SSL CSR Parameters, page 9-26

• Configuring SSL Proxy Service, page 9-28

Generating SSL Key Pairs

If you do not have any matching key pairs, you can use the ACE appliance to generate a key pair.

Use this procedure to generate SSL RSA key pairs.

Procedure

Step 1 Choose Config > Virtual Contexts > context > SSL > Keys. The Keys table appears.

Step 2 Click Add to add a new key pair. The Keys configuration screen appears.

Note You cannot modify an existing entry in the Keys table. Instead, delete the existing entry, and then

add a new one.

Step 3 In the Name field, enter the name of the SSL key pair. Valid entries are alphanumeric strings with a

maximum of 40 characters.

Step 4 In the Size field, select the key pair security strength. The number of bits in the key pair file defines the

size of the RSA key pair used to secure Web transactions. Longer keys produce more secure

implementations by increasing the strength of the RSA security policy. Options and their relative levels

of security are as follows:

• 512—Least security

• 768—Normal security

• 1024—High security, level 1

• 1536—High security, level 2

• 2048—High security, level 3

• 4096—High security, level 4

Step 5 In the Type field, specify RSA as the public-key cryptographic system used for authentication.

Step 6 In the Exportable Key field, check the check box to indicate that the key pair file can be exported. Clear

the check box to indicate that the key pair file cannot be exported.

Step 7 Do the following:

• Click Deploy Now to deploy this configuration on the ACE appliance.

• Click Cancel to exit this procedure without saving your entries and to return to the Keys table.

• Click Next to save your entries and to define another RSA key pair.