Installation guide
9-28
Device Manager Guide, Cisco ACE 4700 Series Application Control Engine Appliance
OL-26645-02
Chapter 9 Configuring SSL
Configuring SSL Proxy Service
Step 3 In the CSR Parameter field, select the CSR parameter to be used.
Step 4 Do the following:
• Click OK to generate the CSR. The CSR appears in a popup window which you can now submit to
a certificate authority for approval. Work with your certificate authority to determine the method of
submission, such as e-mail or a Web-based application. Click Close to close the popup window and
to return to the Keys table.
• Click Cancel to exit this procedure without generating the CSR and to return to the Keys table.
Related Topics
• Configuring SSL, page 9-1
• Importing SSL Certificates, page 9-8
• Importing SSL Key Pairs, page 9-12
• Configuring SSL Parameter Maps, page 9-19
• Configuring SSL Chain Group Parameters, page 9-25
• Configuring SSL Proxy Service, page 9-28
Configuring SSL Proxy Service
SSL proxy service defines the SSL parameter map, key pair, certificate, and chain group an ACE
appliance uses during SSL handshakes. By configuring an SSL proxy server service on an ACE
appliance, the ACE appliance can act as an SSL server.
Use this procedure to define the attributes that the ACE appliance is to use during SSL handshakes so
that it can act as an SSL server.
Assumption
You have configured at least one SSL key pair, certificate, chain group, or parameter map to apply to
this proxy service.
Procedure
Step 1 Choose Config > Virtual Contexts > context > SSL > Proxy Service. The Proxy Service table appears.
Step 2 Click Add to add a new proxy service, or select an existing service, and then click Edit to modify it. The
Proxy Service configuration screen appears.
Step 3 In the Name field, enter a unique name for this proxy service. Valid entries are alphanumeric strings with
a maximum of 64 characters.
Step 4 In the Keys field, select the key pair that the ACE appliance is to use during the SSL handshake for data
encryption.
Caution When choosing the key pair from the drop-down list, be sure to choose the keys that
correspond to the certificate that you choose.