Manualshelf

Troubleshooting guide

ManualsBrandsCisco ManualsComputer equipmentWide Area Virtualization Engine 274
391392393394395396397398399400
1-32
Cisco Wide Area Application Services Configuration Guide
OL-26579-01
Chapter 1 Configuring Application Acceleration
Enabling and Disabling the Global Optimization Features
Step 4 In the SSL version field, choose the type of SSL protocol to use. Choose SSL3 for the SSL version 3
protocol, choose TLS1 for the Transport Layer Security version 1 protocol, or choose All to accept both
SSL3 and TLS1 SSL protocols.
Step 5 (Optional) Set the Online Certificate Status Protocol (OCSP) parameters for certificate revocation:
a. In the OCSP Revocation check drop-down list, select the OCSP revocation method.
Choose ocsp-url SSL accelerator to use OCSP responder specified in the OCSP Responder URL
field to check the revocation status of certificates. Choose ocsp-cert-url to use the OCSP responder
URL specified in the Certificate Authority certificate that signed the certificate.
b. If the Ignore OCSP failures check box is enabled, the SSL accelerator will treat the OCSP
revocation check as successful if it did not get a definite response from the OCSP responder.
Step 6 In the Cipher List field, choose a list of cipher suites to be used for SSL acceleration. For more
information, see the “Working with Cipher Lists” section on page 1-35.
Step 7 Choose a certificate/key pair method (see Figure 1-16).
Figure 1-16 Configuring Service Certificate and Private Key
Click Generate Self-signed Certificate Key to have the WAAS devices use a self-signed
certificate/key pair for SSL.
Click Import Existing Certificate Key to upload or paste an existing certificate/key pair.
Click Export Certificate Key to export the current certificate/key pair.
Click Generate Certificate Signing Request to renew or replace the existing certificate/key pair.
The certificate signing request (CSR) is used by the Certificate Authority to generate a new
certificate.
The file that you import or export must be in either a PKCS12 format or a PEM format.
For service certificate and private key configuration steps, see the “Configuring a Service Certificate and
Private Key” section on page 1-32.
Step 8 Click Submit.
Configuring a Service Certificate and Private Key
To configure a service certificate and private key, follow these steps:
Step 1 To generate a self-signed certificate and private key (see Figure 1-17), follow these steps: