Installation guide

ManualsBrandsCisco ManualsComputer equipmentExplorer 4700

351

352

353

354

355

356

357

358

359

360

9-25

Device Manager Guide, Cisco ACE 4700 Series Application Control Engine Appliance

OL-26645-02

Chapter 9 Configuring SSL

Configuring SSL Chain Group Parameters

A chain group specifies the certificate chains that the ACE appliance sends to its peer during the

handshake process. A certificate chain is a hierarchal list of certificates that includes the ACE

appliance’s certificate, the root certificate authority certificate, and any intermediate certificate authority

certificates. Using the information provided in a certificate chain, the certificate verifier searches for a

trusted authority in the certificate hierarchal list up to and including the root certificate authority. If the

verifier finds a trusted authority before reaching the root certificate authority certificate, it stops

searching further.

Use this procedure to configure certificate chains for a virtual context.

Assumption

At least one SSL certificate is available.

Procedure

Step 1 Choose Config > Virtual Contexts > context > SSL > Chain Group Parameters. The Chain Group

Parameters table appears.

Step 2 Click Add to add a new chain group, or select an existing chain group, and then click Edit to modify it.

The Chain Group Parameters configuration screen appears.

Step 3 In the Name field, enter a unique name for the chain group. Valid entries are alphanumeric strings with

a maximum of 64 characters.

Step 4 Do the following:

• Click Deploy Now to deploy this configuration on the ACE appliance. The updated Chain Group

Parameters screen appears along with the Chain Group Certificates table. Continue with Step 5.

• Click Cancel to exit the procedure without saving your entries and to return to the Chain Group

Parameters table.

• Click Next to save your entries and to add another entry to the Chain Group Parameters table.

Step 5 In the Chain Group Certificates table, click Add to add an entry. The Chain Group Certificates

configuration screen appears.

Note You cannot modify an existing entry in the Chain Group Certificates table. Instead, delete the

entry, and then add a new one.

Step 6 In the Certificate Name field, select the certificate to add to this chain group.

Step 7 Do the following:

• Click Deploy Now to deploy this configuration on the ACE appliance.

• Click Cancel to exit the procedure without saving your entries and to return to the Chain Group

Certificates table.

• Click Next to save your entries and to add another certificate to this chain group table.