Installation guide

ManualsBrandsCisco ManualsComputer equipmentExplorer 4700

341

342

343

344

345

346

347

348

349

350

9-23

Device Manager Guide, Cisco ACE 4700 Series Application Control Engine Appliance

OL-26645-02

Chapter 9 Configuring SSL

Configuring SSL Parameter Maps

Step 15 In the Redirect Authentication Failure table, do one of the following:

• Click Deploy Now to deploy the Redirect Authentication Failure table on the ACE and save your

entries to the running-configuration and startup-configuration files.

• Click Cancel to exit the procedure without saving your entries and to return to the Redirect

Authentication Failure table.

• Click Next to deploy your entries and to add another entry to the Redirect Authentication Failure

table.

Table 9-12 SSL Parameter Map Redirect Configuration Attributes

Field Description

Client Certificate

Validation

Select the type of certificate validation failure to redirect. From the drop-down list, choose the type

to redirect:

• Any—Associates any of the certificate failures with the redirect. You can configure the

authentication-failure redirect any command with individual reasons for redirection. When you

do, the ACE attempts to match one of the individual reasons before using the any reason. You

cannot configure the authentication-failure redirect any command with the

authentication-failure ignore command.

• Cert-expired—Associates an expired certificate failure with a redirect.

• Cert-has-signature-failure—Associates a certificate signature failure with a redirect.

• Cert-not-yet-valid—Associates a certificate that is not yet valid failure with the redirect.

• Cert-other-error—Associates a all other certificate failures with a redirect.

• Cert-revoked—Associates a revoked certificate failure with a redirect.

• CRL-has-expired—Associates an expired CRL failure with a redirect.

• CRL-not-available—Associates a CRL that is not available failure with a redirect.

• No-client-cert—Associates no client certificate failure with a redirect.

• Unknown-issuer—Associates an unknown issuer certificate failure with a redirect.

Redirect Type Select the redirect type to use:

• Server Farm—Specifies a server farm for the redirect.

• URL—Specifies a static URL path for the redirect.

Server Farm Name This field appears when the Redirect Type is set to Server Farm. The ACE Device Manager displays

all configured host and redirect server farms. Choose one of the available server farm options or

click Plus (+) to open the server farm configuration popup and configure a redirect server farm (see

the “Configuring Server Farms” section on page 6-18).

Redirect URL This field appears when the Redirect Type is set to URL. Enter the static URL path for the redirect.

Enter a string with a maximum of 255 characters and no spaces.

Redirect Code This field appears when the Redirect Type is set to URL.

Enter the redirect code that is sent back to the client:

• 301—Status code for a resource permanently moving to a new location.

• 302—Status code for a resource temporarily moving to a new location.