Application Control Engine Module Command Reference (Software Version A1(2))
SSL Proxy Configuration Mode Commands

Table Of Contents

SSL Proxy Configuration Mode Commands

(config-ssl-proxy) cert

(config-ssl-proxy) chaingroup

(config-ssl-proxy) key

(config-ssl-proxy) ssl advanced-options


SSL Proxy Configuration Mode Commands

SSL proxy configuration mode commands allow you to define the SSL parameters that the ACE SSL proxy service uses in either SSL termination (proxy server service) or SSL initiation (proxy client service) during the SSL handshake process.

To create a new proxy service (or edit an existing proxy service) and access SSL proxy configuration mode, use the ssl-proxy service command in configuration mode. The CLI prompt changes to (config-ssl-proxy). Use the no form of the command to delete an existing SSL proxy service.

ssl-proxy service pservice_name

no ssl-proxy service pservice_name

Syntax Description

pservice_name

Name of the SSL proxy service. Enter the proxy service name as an alphanumeric string from 1 to 64 characters in length.


Command Modes

Configuration mode

Admin and user contexts

Command History

Release
Modification

3.0(0)A1(2)

Command introduced.


Usage Guidelines

The commands in this mode require the SSL feature in your user role. For details about role-based access control (RBAC) and user roles, see the Cisco Application Control Engine Module Virtualization Configuration Guide.

When you create an SSL proxy service, the CLI changes to the SSL proxy configuration mode, where you define the following SSL proxy service attributes:

Certificate—See the (config-ssl-proxy) cert command

Chain group—See the (config-ssl-proxy) chaingroup command

Key Pair—See the (config-ssl-proxy) key command

Parameter map—See the (config-ssl-proxy) ssl advanced-options command

Examples

To create the SSL proxy service PSERVICE_SERVER, enter:

host1/Admin(config)# ssl-proxy service PSERVICE_SERVER
host1/Admin(config-ssl-proxy)#

To delete an existing SSL proxy service, enter:

host1/Admin(config)# no ssl-proxy service PSERVICE_SERVER

Related Commands

(config-ssl-proxy) cert

(config-ssl-proxy) chaingroup

(config-ssl-proxy) key

(config-ssl-proxy) ssl advanced-options

(config-ssl-proxy) cert

To specify the certificate the ACE uses during the SSL handshake process to prove its identity, use the cert command. Use the no form of the command to delete a certificate file from the SSL proxy service.

cert cert_filename

no cert cert_filename

Syntax Description

cert_filename

Name of an existing certificate file loaded on the ACE. Enter an unquoted text string with no spaces and a maximum of 40 alphanumeric characters. To display a list of available certificate files, use the do show crypto files command.


Command Modes

SSL proxy configuration mode

Admin and user contexts

Command History

Release
Modification

3.0(0)A1(2)

This command was introduced.


Usage Guidelines

The public key embedded in the certificate you select must match the public key in the key pair file you select. To verify that the public keys in the two files match, use the crypto verify command in the Exec mode.

Examples

To specify the certificate in the certificate file MYCERT.PEM, enter:

host1/Admin(config-ssl-proxy)# cert MYCERT.PEM

To delete the certificate in the certificate file MYCERT.PEM from the SSL proxy service, enter:

host1/Admin(config-ssl-proxy)# no cert MYCERT.PEM

Related Commands

crypto verify

(config) crypto chaingroup

(config-ssl-proxy) chaingroup

(config-ssl-proxy) key

(config-ssl-proxy) ssl advanced-options

(config-ssl-proxy) chaingroup

To specify the certificate chain group that the ACE sends to its peer during the SSL handshake, use the chaingroup command. Use the no form of the command to delete a certificate chain group from the SSL proxy service.

chaingroup group_name

no chaingroup group_name

Syntax Description

group_name

Name of an existing certificate chain group.


Command Modes

SSL proxy configuration mode

Admin and user contexts

Command History

Release
Modification

3.0(0)A1(2)

This command was introduced.


Usage Guidelines

The ACE includes the certificate chain along with the certificate you specified for the SSL proxy service.

When a change occurs in a chain-group certificate, the change takes effect only after you remove the associated chain group with the no chaingroup command and then re-add it with the chaingroup command.

Examples

To specify the certificate chain group MYCHAINGROUP for the SSL proxy service, enter:

host1/Admin(config-ssl-proxy)# chaingroup MYCHAINGROUP

To delete the certificate chain group MYCHAINGROUP from the SSL proxy service, enter:

host1/Admin(config-ssl-proxy)# no chaingroup MYCHAINGROUP

Related Commands

(config) crypto chaingroup

(config-ssl-proxy) cert

(config-ssl-proxy) key

(config-ssl-proxy) ssl advanced-options

(config-ssl-proxy) key

To specify the key pair the ACE uses during the SSL handshake for data encryption, use the key command. Use the no form of the command to delete a private key from the SSL proxy service.

key key_filename

no key key_filename

Syntax Description

key_filename

Name of an existing key pair file loaded on the ACE. Enter an unquoted text string with no spaces and a maximum of 40 alphanumeric characters.


Command Modes

SSL proxy configuration mode

Admin and user contexts

Command History

Release
Modification

3.0(0)A1(2)

This command was introduced.


Usage Guidelines

The public key in the key pair file you select must match the public key embedded in the certificate you select. To verify that the public keys in the two files match, use the crypto verify command in the Exec mode.

Examples

To specify the private key in the key pair file MYKEY.PEM for the SSL proxy service, enter:

host1/Admin(config-ssl-proxy)# key MYKEY.PEM

To delete the private key in the key pair file MYKEY.PEM from the SSL proxy service, enter:

host1/Admin(config-ssl-proxy)# no key MYKEY.PEM
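The cert and key usage guidelines both require that the selected certificate and key pair file carry the same public key. The following added example (not Cisco code) audits a saved configuration offline and returns, for each SSL proxy service, the key and certificate file names to check with crypto verify, flagging services where only one of the two is set. The sample configuration, its indented layout, and the function names are assumptions made for illustration.

```python
import re

# Constructed sample config, not from a real device; indentation is assumed.
SAMPLE_CONFIG = """\
ssl-proxy service PSERVICE_SERVER
  key MYKEY.PEM
  cert MYCERT.PEM
  chaingroup MYCHAINGROUP
  ssl advanced-options PARAMMAP_SSL
ssl-proxy service PSERVICE_NOKEY
  cert OTHERCERT.PEM
ssl-proxy service PSERVICE_CLIENT
  ssl advanced-options PARAMMAP_SSL
"""

SERVICE_RE = re.compile(r"^ssl-proxy service (\S+)\s*$")
ATTR_RE = re.compile(r"^\s+(cert|key|chaingroup|ssl advanced-options) (\S+)\s*$")


def parse_services(config_text):
    """Return {service_name: {attribute: value}} for each ssl-proxy service."""
    services, current = {}, None
    for line in config_text.splitlines():
        m = SERVICE_RE.match(line)
        if m:
            current = services.setdefault(m.group(1), {})
            continue
        m = ATTR_RE.match(line)
        if m and current is not None:
            current[m.group(1)] = m.group(2)
        elif line and not line[0].isspace():
            current = None  # an unindented line ends the ssl-proxy block
    return services


def audit(config_text):
    """Return (pairs_to_verify, findings) for the parsed services."""
    pairs, findings = [], []
    for name, attrs in parse_services(config_text).items():
        if not 1 <= len(name) <= 64:
            findings.append((name, "service name must be 1 to 64 characters"))
        for kind in ("cert", "key"):
            if len(attrs.get(kind, "")) > 40:
                findings.append((name, f"{kind} file name exceeds 40 characters"))
        if ("cert" in attrs) != ("key" in attrs):
            findings.append((name, "cert and key are not both set"))
        elif "cert" in attrs:
            pairs.append((name, attrs["key"], attrs["cert"]))
    return pairs, findings
```

A service with neither a certificate nor a key, such as the constructed PSERVICE_CLIENT entry, produces no finding because there is no pair to match.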

Related Commands

crypto verify

(config-ssl-proxy) cert

(config-ssl-proxy) chaingroup

(config-ssl-proxy) ssl advanced-options

(config-ssl-proxy) ssl advanced-options

To associate a context SSL parameter map with the SSL proxy server service, use the ssl advanced-options command. Use the no form of the command to remove the association of an SSL parameter map with the SSL proxy service.

ssl advanced-options parammap_name

no ssl advanced-options parammap_name

Syntax Description

parammap_name

Name of an existing SSL parameter map.


Command Modes

SSL proxy configuration mode

Admin and user contexts

Command History

Release
Modification

3.0(0)A1(2)

This command was introduced.


Usage Guidelines

This command has no usage guidelines.

Examples

To associate the parameter map PARAMMAP_SSL with the SSL proxy service, enter:

host1/Admin(config-ssl-proxy)# ssl advanced-options PARAMMAP_SSL

To remove the association of an SSL parameter map PARAMMAP_SSL with the SSL proxy service, enter:

host1/Admin(config-ssl-proxy)# no ssl advanced-options PARAMMAP_SSL

Related Commands

(config) parameter-map type

(config-ssl-proxy) cert

(config-ssl-proxy) chaingroup

(config-ssl-proxy) key