Command Reference vA5(1.0) and earlier, Cisco ACE Application Control Engine
Chaingroup Configuration Mode Commands

Chaingroup configuration mode commands allow you to add Secure Sockets Layer (SSL) certificate files to a chain group.

To create a new chain group (or modify an existing chain group) and access chaingroup configuration mode, use the crypto chaingroup command. The CLI prompt changes to (config-chaingroup). Use the no form of the command to delete an existing chain group.

crypto chaingroup group_name

no crypto chaingroup group_name

Syntax Description

group_name

Name that you assign to the chain group. Enter an unquoted text string with no spaces and a maximum of 64 alphanumeric characters.


Command Modes

Configuration mode

Admin and user contexts

Command History

ACE Module Release       Modification
3.0(0)A1(2)              This command was introduced.

ACE Appliance Release    Modification
A1(7)                    This command was introduced.


Usage Guidelines

This command requires the SSL feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.

A chain group specifies the certificate chains that the ACE sends to its peer during the handshake process. A certificate chain is a hierarchical list of certificates that includes the subject's certificate, the root CA certificate, and any intermediate CA certificates. You include a chain group in the handshake process by configuring the SSL proxy-service with the chain group (see the (config) ssl-proxy service command).

The ACE supports the following certificate chain group capabilities:

A chain group can contain up to eight certificate chains.

Each context on the ACE can contain up to eight chain groups.

The maximum size of a chain group is 16 KB.

Examples

To create the chain group MYCHAINGROUP, enter:

host1/Admin(config)# crypto chaingroup MYCHAINGROUP

Related Commands

(config) ssl-proxy service

(config-chaingroup) cert

To add certificate files to a chain group, use the cert command. Use the no form of the command to remove a certificate file from a chain group.

cert cert_filename

no cert cert_filename

Syntax Description

cert_filename

Name of an existing certificate file stored on the ACE. Enter an unquoted text string with no spaces and a maximum of 40 alphanumeric characters. To display a list of available certificate files, use the do show crypto files command.


Command Modes

Chaingroup configuration mode

Admin and user contexts

Command History

ACE Module Release       Modification
3.0(0)A1(2)              This command was introduced.

ACE Appliance Release    Modification
A1(7)                    This command was introduced.


Usage Guidelines

It is not necessary to add the certificates in any type of hierarchical order because the device verifying the certificates determines the correct order.

The ACE supports the following certificate chain group capabilities:

A chain group can contain up to eight certificate chains.

Each context on the ACE can contain up to eight chain groups.

The maximum size of a chain group is 16 KB.

Examples

To add the certificate files MYCERTS.PEM, MYCERTS_2.PEM, and MYCERTS_3.PEM to the chain group, enter:

host1/Admin(config-chaingroup)# cert MYCERTS.PEM
host1/Admin(config-chaingroup)# cert MYCERTS_2.PEM 
host1/Admin(config-chaingroup)# cert MYCERTS_3.PEM 

To remove the certificate file MYCERTS_2.PEM from the chain group, enter:

host1/Admin(config-chaingroup)# no cert MYCERTS_2.PEM

Related Commands

(config) crypto chaingroup
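
A pre-flight check for the limits given in the syntax descriptions and usage guidelines above, written as an added example (not Cisco code) that validates a planned chain group and emits the commands to enter only if it passes. The names check_chaingroup, bad_name and fake_pem are hypothetical, comparing the 16 KB limit against the summed PEM file sizes is an assumption, and the certificate-only check is an added precaution because the chain is sent to the peer. Names are checked only for length and whitespace, since the example file names on this page contain `_` and `.`.

```python
import re

# Limits stated on this page.
MAX_GROUP_NAME = 64           # characters in a chain group name
MAX_CERT_FILENAME = 40        # characters in a certificate file name
MAX_GROUP_BYTES = 16 * 1024   # maximum size of a chain group (16 KB)

PEM_BEGIN = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----")


def bad_name(name, limit):
    """True if name is empty, longer than limit, or contains whitespace."""
    return not name or len(name) > limit or re.search(r"\s", name) is not None


def check_chaingroup(group_name, cert_files):
    """Validate a planned chain group; return (problems, commands).
    cert_files maps file name -> PEM text. Assumption: the 16 KB limit is
    compared against the summed size of the PEM files."""
    problems = []
    if bad_name(group_name, MAX_GROUP_NAME):
        problems.append(f"group name {group_name!r}: need 1-{MAX_GROUP_NAME} chars, no spaces")
    total = 0
    for name, pem in cert_files.items():
        if bad_name(name, MAX_CERT_FILENAME):
            problems.append(f"file name {name!r}: need 1-{MAX_CERT_FILENAME} chars, no spaces")
        labels = PEM_BEGIN.findall(pem)
        if "CERTIFICATE" not in labels:
            problems.append(f"{name}: no certificate block found")
        # The chain is sent to the peer, so only certificates belong in it.
        problems += [f"{name}: unexpected PEM block {lab!r}" for lab in labels if lab != "CERTIFICATE"]
        total += len(pem.encode("utf-8"))
    if total > MAX_GROUP_BYTES:
        problems.append(f"chain group is {total} bytes, over the {MAX_GROUP_BYTES}-byte limit")
    if problems:
        return problems, []
    # Order of the cert commands does not matter (see Usage Guidelines).
    return [], [f"crypto chaingroup {group_name}"] + [f"cert {n}" for n in cert_files]


def fake_pem(label, body_len):
    """Constructed placeholder text, not a real certificate or key."""
    return f"-----BEGIN {label}-----\n{'A' * body_len}\n-----END {label}-----\n"


# Constructed sample input using the file names from this page's examples.
SAMPLE = {"MYCERTS.PEM": fake_pem("CERTIFICATE", 1200),
          "MYCERTS_2.PEM": fake_pem("CERTIFICATE", 1500)}
```

Calling check_chaingroup("MYCHAINGROUP", SAMPLE) returns an empty problem list and the three commands to type at the ACE prompt.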