Command Reference vA5(1.0) and earlier, Cisco ACE Application Control Engine
Authentication Group Configuration Mode Commands

Authentication group configuration mode commands allow you to configure client authentication on a Secure Sockets Layer (SSL)-proxy service by assigning the authentication group to the service.

To create an authentication group and access authgroup configuration mode, use the crypto authgroup command. The CLI prompt changes to (config-authgroup). Use the no form of this command to delete an existing authentication group.

crypto authgroup group_name

no crypto authgroup group_name

Syntax Description

group_name

Name that you assign to the certificate authentication group. Enter an unquoted text string with no spaces and a maximum of 64 alphanumeric characters.


Command Modes

Configuration mode

Admin and user contexts

Command History

ACE Module Release     Modification
A2(1.0)                This command was introduced.

ACE Appliance Release  Modification
A3(1.0)                This command was introduced.


Usage Guidelines

This command requires the SSL feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.

During the flow of a normal SSL handshake, the server sends its certificate to the client. The client verifies the identity of the server through the certificate. However, the client does not send any identification of its own to the server. When the client authentication feature is enabled on the ACE, it requires that the client send a certificate to the server.

On the ACE, you can implement a group of certificates that are trusted as certificate signers by creating an authentication group.

Examples

To create the authentication group AUTH-CERT1, enter:

host1/Admin(config)# crypto authgroup AUTH-CERT1

Related Commands

(config) ssl-proxy service

(config-authgroup) cert

To add certificate files to the authentication group, use the cert command. You can configure an authentication group with up to ten certificates. Use the no form of this command to remove a certificate file from the authentication group.

cert cert_filename

no cert cert_filename

Syntax Description

cert_filename

Name of an existing certificate file stored on the ACE. Enter an unquoted text string with no spaces and a maximum of 40 alphanumeric characters. To display a list of available certificate files, use the do show crypto files command.


Command Modes

Chaingroup configuration mode

Admin and user contexts

Command History

ACE Module Release     Modification
A2(1.0)                This command was introduced.
A2(3.0)                The number of certificates in an authentication group increased from 4 to 10.

ACE Appliance Release  Modification
A3(1.0)                This command was introduced.
A4(1.0)                The number of certificates in an authentication group increased from 4 to 10.


Usage Guidelines

It is not necessary to add the certificates in any type of hierarchical order because the device that verifies the certificates determines the correct order.

Examples

To add the certificate files MYCERTS.PEM and MYCERTS_2.PEM to the authentication group, enter:

host1/Admin(config-authgroup)# cert MYCERTS.PEM

host1/Admin(config-authgroup)# cert MYCERTS_2.PEM

To remove the certificate file MYCERTS_2.PEM from the authentication group, enter:

host1/Admin(config-authgroup)# no cert MYCERTS_2.PEM
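The following is an added example, not part of the Cisco documentation: a small Python check that reads saved configuration text and flags authentication groups that break the limits stated in this chapter (64-character group name, 40-character certificate filename, ten certificates per group). The indented layout of the cert lines under each crypto authgroup line, the sample configuration, and the function names are assumptions made for illustration.

```python
import re

MAX_GROUP_NAME = 64   # group_name limit stated in this chapter
MAX_CERT_NAME = 40    # cert_filename limit stated in this chapter
MAX_CERTS = 10        # certificates allowed per authentication group

# Constructed sample configuration (not taken from a real device).
SAMPLE_CONFIG = """\
crypto authgroup AUTH-CERT1
  cert MYCERTS.PEM
  cert MYCERTS_2.PEM
crypto authgroup EMPTY-GROUP
crypto authgroup TOO-MANY
""" + "".join(f"  cert CA{i}.PEM\n" for i in range(11))


def parse_authgroups(config):
    """Return {group_name: [cert_filename, ...]} for each crypto authgroup block."""
    groups, current = {}, None
    for line in config.splitlines():
        m = re.match(r"^crypto authgroup (\S+)\s*$", line)
        if m:
            current = m.group(1)
            groups.setdefault(current, [])
        elif current is not None and (m := re.match(r"^\s+cert (\S+)\s*$", line)):
            groups[current].append(m.group(1))
        elif line and not line[0].isspace():
            current = None  # any other top-level command ends the block
    return groups


def lint_authgroups(config):
    """Return a list of findings for groups that break the documented limits."""
    findings = []
    for name, certs in parse_authgroups(config).items():
        if len(name) > MAX_GROUP_NAME:
            findings.append(f"{name}: group name exceeds {MAX_GROUP_NAME} characters")
        if not certs:
            findings.append(f"{name}: no certificates configured")
        if len(certs) > MAX_CERTS:
            findings.append(f"{name}: {len(certs)} certificates, limit is {MAX_CERTS}")
        for cert in certs:
            if len(cert) > MAX_CERT_NAME:
                findings.append(f"{name}: {cert} exceeds {MAX_CERT_NAME} characters")
    return findings


if __name__ == "__main__":
    print("\n".join(lint_authgroups(SAMPLE_CONFIG)))
```

Running the check before a change window catches a group that was created but never populated, which would otherwise leave the SSL-proxy service with no trusted certificate signers for client authentication.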

Related Commands

(config) crypto authgroup