Application Control Engine Module Command Reference (Software Version 3.0(0)A1(2))
Chaingroup Configuration Mode Commands


Chaingroup configuration mode commands allow you to add SSL certificate files to a chain group. To create a new chain group (or modify an existing chain group) and access chaingroup configuration mode, use the crypto chaingroup command. The CLI prompt changes to (config-chaingroup). Use the no form of the command to delete an existing chain group.

crypto chaingroup group_name

no crypto chaingroup group_name

Syntax Description

group_name

Name that you assign to the chain group. Enter the chain group name as an alphanumeric string from 1 to 64 characters in length.


Command Modes

Configuration mode

Admin and user contexts

Command History

Release        Modification
3.0(0)A1(2)    Command introduced.


Usage Guidelines

This command requires the SSL feature in your user role. For details about role-based access control (RBAC) and user roles, see the Cisco Application Control Engine Module Virtualization Configuration Guide.

A chain group specifies which certificate chains the ACE sends to its peer during the handshake process. A certificate chain is a hierarchical list of certificates that includes the subject's certificate, the root CA certificate, and any intermediate CA certificates. You include a chain group in the handshake process by configuring the SSL proxy-service with the chain group (see the (config) ssl-proxy service command).

The ACE supports the following certificate chain group capabilities:

A chain group can contain up to nine certificate chains.

Each context on the ACE can contain up to eight chain groups.

The file size of an individual certificate or chain group must not exceed 8192 bytes.

Examples

To create the chain group MYCHAINGROUP, enter:

host1/Admin(config)# crypto chaingroup MYCHAINGROUP

Related Commands

(config) ssl-proxy service

(config-chaingroup) cert

To add certificate files to a chain group, use the cert command. Use the no form of the command to remove a certificate file from a chain group.

cert cert_filename

no cert cert_filename

Syntax Description

cert_filename

Name of an existing certificate file stored on the ACE. Enter an unquoted text string with no spaces and a maximum of 40 alphanumeric characters. To display a list of available certificate files, use the do show crypto files command.


Command Modes

Chaingroup configuration mode

Admin and user contexts

Command History

Release        Modification
3.0(0)A1(2)    This command was introduced.


Usage Guidelines

It is not necessary to add the certificates in any particular hierarchical order, because the device verifying the certificates determines the correct order.
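The ordering remark above, shown as an added example (not Cisco code and not part of the original reference): a verifier can rebuild the chain from certificates supplied in any order by following issuer names, and a missing intermediate shows up as a broken link. The function name, the `LEAF` and `SAMPLE` values and the (subject, issuer) model are assumptions made for illustration.

```python
# Added illustration: certificates are modelled as (subject, issuer) name
# pairs. A real verifier also checks signatures, validity dates and extensions.

def build_chain(leaf_subject, certs):
    """Order an unordered set of certificates from leaf to self-signed root.

    certs: iterable of (subject, issuer) pairs in any order.
    Raises ValueError when a link is missing or the issuer names form a loop.
    """
    issuer_of = dict(certs)
    chain = []
    current = leaf_subject
    while True:
        if current in chain:
            raise ValueError(f"issuer loop at {current!r}")
        if current not in issuer_of:
            raise ValueError(f"no certificate supplied for {current!r}")
        chain.append(current)
        issuer = issuer_of[current]
        if issuer == current:      # self-signed: this is the root CA
            return chain
        current = issuer

# Constructed sample names, listed deliberately out of order.
LEAF = "CN=www.example.test"
SAMPLE = [
    ("CN=Example Root CA", "CN=Example Root CA"),
    ("CN=www.example.test", "CN=Example Intermediate CA"),
    ("CN=Example Intermediate CA", "CN=Example Root CA"),
]

if __name__ == "__main__":
    print(" -> ".join(build_chain(LEAF, SAMPLE)))
```

The order in which files are added does not change the result, but leaving out an intermediate CA certificate does: the chain can no longer be completed.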

The ACE supports the following certificate chain group capabilities:

A chain group can contain up to nine certificate chains.

Each context on the ACE can contain up to eight chain groups.

The file size of an individual certificate or chain group must not exceed 8192 bytes.

Examples

To add the certificate files MYCERTS.PEM, MYCERTS_2.PEM, and MYCERTS_3.PEM to the chain group, enter:

host1/Admin(config-chaingroup)# cert MYCERTS.PEM

host1/Admin(config-chaingroup)# cert MYCERTS_2.PEM

host1/Admin(config-chaingroup)# cert MYCERTS_3.PEM

To remove the certificate file MYCERTS_2.PEM from the chain group, enter:

host1/Admin(config-chaingroup)# no cert MYCERTS_2.PEM

Related Commands

(config) crypto chaingroup