Installation guide
9-31
Device Manager Guide, Cisco ACE 4700 Series Application Control Engine Appliance
OL-26645-02
Chapter 9 Configuring SSL
Procedure
Step 1 Choose Config > Virtual Contexts > context > SSL > OCSP Service. The OCSP Service table appears.
Step 2 Click Add to add a new OCSP service, or select an existing service, and then click Edit to modify it. The OCSP Service configuration screen appears.
Step 3 In the Name field, enter a unique name for this OCSP service. Valid entries are alphanumeric strings with a maximum of 64 characters. This name is used when you apply this configuration to an SSL proxy service.
Step 4 In the URL field, enter an HTTP-based URL for the OCSP host name and optional port ID in the form of http://ocsp_hostname.com:port_id. If you do not specify a port ID, the ACE uses the default value of 2560.
Step 5 Optionally, in the Request Signer’s Certificate field, you can select a file name for the signer certificate used to sign the requests to the server. By default, the request is not signed.
Step 6 Optionally, in the Response Signer’s Certificate field, you can select a file name for the signer certificate used to verify the signature on the server responses. By default, the responses are not verified.
Step 7 Check the Enable Nonce check box to enable the inclusion of the nonce in the requests to the server. By default, nonce is disabled (unchecked). Clear the check box to disable the inclusion of the nonce in requests to the server.
Step 8 In the TCP Connection Inactivity Timeout field, enter an integer from 2 to 3600 to specify the TCP connection inactivity timeout in seconds. The default is 300 seconds.
Step 9 Do the following:
• Click Deploy Now to deploy this configuration on the ACE appliance.
• Click Cancel to exit this procedure without saving your entries and to return to the OCSP Service table.
• Click Next to save your entries and to add another proxy service.
Related Topics
• Configuring SSL, page 9-1
• Configuring SSL Proxy Service, page 9-28
Enabling Client Authentication
During a normal SSL handshake, the SSL server sends its certificate to the client, and the client verifies the identity of the server through that certificate. The client, however, does not send any identification of its own to the server. When you enable the client authentication feature on the ACE, the ACE requires that the client send a certificate to the server. The server then verifies the following information on the certificate:
• A recognized CA issued the certificate.
• The validity period of the certificate is still in effect.
• The certificate signature is valid and has not been tampered with.
• The CA has not revoked the certificate.
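The following added example (not Cisco's code; the ACE performs these checks internally) shows what the four client-certificate checks above amount to, and why the OCSP Service settings in the procedure earlier on this page (Request Signer's and Response Signer's Certificate, Enable Nonce) matter. It uses the third-party Python `cryptography` package, builds a throwaway CA and client certificate in memory, and simulates the OCSP responder named in the URL field as a local function, so nothing on the network is contacted. The names `make_test_pki`, `make_ocsp_responder` and `verify_client_certificate` are this example's own; the `echo_nonce=False` option models a responder that ignores the request nonce, which the verifier rejects as a possible replayed response.

```python
"""Client-certificate validation with an OCSP revocation check and nonce.
Everything here (CA, client certificate, responder) is constructed in memory."""
import os
from datetime import datetime, timedelta, timezone

from cryptography import x509
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import padding, rsa
from cryptography.x509 import ocsp
from cryptography.x509.oid import NameOID

DER = serialization.Encoding.DER


def _name(cn):
    return x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, cn)])


def _cert(subject, issuer_cert, pub, signer_key, is_ca, days=30):
    """Issue a certificate; issuer_cert=None produces a self-signed CA."""
    now = datetime.now(timezone.utc)
    issuer = issuer_cert.subject if issuer_cert else subject
    return (x509.CertificateBuilder()
            .subject_name(subject).issuer_name(issuer).public_key(pub)
            .serial_number(x509.random_serial_number())
            .not_valid_before(now - timedelta(days=1))
            .not_valid_after(now + timedelta(days=days))
            .add_extension(x509.BasicConstraints(ca=is_ca, path_length=None), critical=True)
            .sign(signer_key, hashes.SHA256()))


def make_test_pki():
    """Constructed PKI: one CA plus one client certificate issued by it."""
    ca_key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    ca = _cert(_name("Constructed Test CA"), None, ca_key.public_key(), ca_key, True, 3650)
    client_key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    client = _cert(_name("client.example.test"), ca, client_key.public_key(), ca_key, False)
    return ca_key, ca, client


def _validity(cert):
    try:
        return cert.not_valid_before_utc, cert.not_valid_after_utc
    except AttributeError:  # cryptography < 42 exposes naive datetimes only
        return (cert.not_valid_before.replace(tzinfo=timezone.utc),
                cert.not_valid_after.replace(tzinfo=timezone.utc))


def make_ocsp_responder(ca_key, ca_cert, issued, revoked_serials=(), echo_nonce=True):
    """Simulated OCSP responder: maps a DER request to a DER response signed by
    the CA key. `issued` is the CA's record of certificates it has issued."""
    by_serial = {c.serial_number: c for c in issued}

    def respond(request_der):
        req = ocsp.load_der_ocsp_request(request_der)
        cert = by_serial[req.serial_number]
        now = datetime.now(timezone.utc)
        revoked = req.serial_number in revoked_serials
        builder = (ocsp.OCSPResponseBuilder()
                   .add_response(cert=cert, issuer=ca_cert, algorithm=hashes.SHA256(),
                                 cert_status=(ocsp.OCSPCertStatus.REVOKED if revoked
                                              else ocsp.OCSPCertStatus.GOOD),
                                 this_update=now, next_update=now + timedelta(hours=1),
                                 revocation_time=now if revoked else None,
                                 revocation_reason=(x509.ReasonFlags.key_compromise
                                                    if revoked else None))
                   .responder_id(ocsp.OCSPResponderEncoding.HASH, ca_cert))
        if echo_nonce:  # a well-behaved responder copies the request nonce back
            nonce = req.extensions.get_extension_for_class(x509.OCSPNonce).value.nonce
            builder = builder.add_extension(x509.OCSPNonce(nonce), critical=False)
        return builder.sign(ca_key, hashes.SHA256()).public_bytes(DER)
    return respond


def verify_client_certificate(cert, trusted_cas, responder, now=None):
    """Apply the four checks listed in the text. Returns (accepted, reason)."""
    now = now or datetime.now(timezone.utc)
    ca = next((c for c in trusted_cas if c.subject == cert.issuer), None)   # check 1
    if ca is None:
        return False, "issuer is not a recognized CA"
    not_before, not_after = _validity(cert)                                  # check 2
    if not not_before <= now <= not_after:
        return False, "certificate is outside its validity period"
    try:                                                                      # check 3
        ca.public_key().verify(cert.signature, cert.tbs_certificate_bytes,
                               padding.PKCS1v15(), cert.signature_hash_algorithm)
    except InvalidSignature:
        return False, "certificate signature does not verify under the CA key"
    nonce = os.urandom(16)                                                    # check 4
    req = (ocsp.OCSPRequestBuilder().add_certificate(cert, ca, hashes.SHA256())
           .add_extension(x509.OCSPNonce(nonce), critical=False).build())
    resp = ocsp.load_der_ocsp_response(responder(req.public_bytes(DER)))
    if resp.response_status != ocsp.OCSPResponseStatus.SUCCESSFUL:
        return False, "OCSP responder returned an error status"
    try:  # Response Signer's Certificate: here the CA itself signs responses
        ca.public_key().verify(resp.signature, resp.tbs_response_bytes,
                               padding.PKCS1v15(), resp.signature_hash_algorithm)
    except InvalidSignature:
        return False, "OCSP response signature does not verify"
    try:
        echoed = resp.extensions.get_extension_for_class(x509.OCSPNonce).value.nonce
    except x509.ExtensionNotFound:
        echoed = None
    if echoed != nonce or resp.serial_number != cert.serial_number:
        return False, "OCSP response nonce or serial mismatch (possible replay)"
    if resp.certificate_status != ocsp.OCSPCertStatus.GOOD:
        return False, "CA has revoked the certificate"
    return True, "accepted"
```

Run `verify_client_certificate(client, [ca], make_ocsp_responder(ca_key, ca, [client]))` after `ca_key, ca, client = make_test_pki()` to see an accepted handshake; pass `revoked_serials={client.serial_number}` or `echo_nonce=False` to the responder, or a future `now`, to see each of the four checks reject the certificate with its reason.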