Application Control Engine Module Command Reference (Software Version A2(1.0))
Authentication Group Configuration Mode Commands

Authentication Group Configuration Mode Commands

Authentication group configuration mode commands allow you to configure client authentication on a Secure Sockets Layer (SSL)-proxy service by assigning the authentication group to the service.

To create an authentication group and access authgroup configuration mode, use the crypto authgroup command. The CLI prompt changes to (config-authgroup). Use the no form of this command to delete an existing authentication group.

crypto authgroup group_name

no crypto authgroup group_name

Syntax Description

group_name

Name that you assign to the certificate authentication group. Enter the authentication group name as an unquoted, alphanumeric string from 1 to 64 characters.


Command Modes

Configuration mode

Admin and user contexts

Command History

Release    Modification
A2(1.0)    This command was introduced.


Usage Guidelines

This command requires the SSL feature in your user role. For details about role-based access control (RBAC) and user roles, see the Cisco Application Control Engine Module Virtualization Configuration Guide.

During the flow of a normal SSL handshake, the server sends its certificate to the client. The client verifies the identity of the server through the certificate. However, the client does not send any identification of its own to the server. When the client authentication feature is enabled on the ACE, it requires that the client send a certificate to the server.

On the ACE, you can implement a group of certificates that are trusted as certificate signers by creating an authentication group.

Examples

To create the authentication group AUTH-CERT1, enter:

host1/Admin(config)# crypto authgroup AUTH-CERT1

Related Commands

(config) ssl-proxy service

(config-authgroup) cert

To add certificate files to the authentication group, use the cert command. You can configure an authentication group with up to four certificates. Use the no form of this command to remove a certificate file from the authentication group.

cert cert_filename

no cert cert_filename

Syntax Description

cert_filename

Name of an existing certificate file stored on the ACE. Enter an unquoted text string with no spaces and a maximum of 40 alphanumeric characters. To display a list of available certificate files, use the do show crypto files command.


Command Modes

Chaingroup configuration mode

Admin and user contexts

Command History

Release    Modification
A2(1.0)    This command was introduced.


Usage Guidelines

It is not necessary to add the certificates in any type of hierarchical order because the device that verifies the certificates determines the correct order.

Examples

To add the certificate files MYCERTS.PEM and MYCERTS_2.PEM to the authentication group, enter:

host1/Admin(config-authgroup)# cert MYCERTS.PEM

host1/Admin(config-authgroup)# cert MYCERTS_2.PEM

To remove the certificate file MYCERTS_2.PEM from the authentication group, enter:

host1/Admin(config-authgroup)# no cert MYCERTS_2.PEM
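
The following added example is not from the Cisco documentation and does not run on the ACE. It uses OpenSSL on a workstation to model the idea in the usage guidelines: a group of trusted signer certificates decides which client certificates are accepted, and the order in which the signers are listed does not matter. The bundle files that stand in for an authentication group, and all names, keys, and certificates, are constructed for the demo and are assumptions.

```shell
#!/bin/sh
# Constructed demo: every key and certificate is generated locally in a temp dir.
# An OpenSSL -CAfile bundle stands in for an ACE authentication group (assumption).

# make_pki DIR: root CA -> issuing CA -> client cert, plus a self-signed outsider.
make_pki() {
    d=$1
    printf '[req]\ndistinguished_name=dn\n[dn]\n[ca]\nbasicConstraints=critical,CA:TRUE\n' > "$d/ssl.cnf"
    new_key="-newkey rsa:2048 -nodes -config $d/ssl.cnf"   # left unquoted below on purpose
    openssl req -x509 $new_key -extensions ca -days 1 -subj "/CN=Demo Root CA" \
        -keyout "$d/root.key" -out "$d/ROOT.PEM" 2>/dev/null || return 1
    openssl req -new $new_key -subj "/CN=Demo Issuing CA" \
        -keyout "$d/int.key" -out "$d/int.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$d/int.csr" -CA "$d/ROOT.PEM" -CAkey "$d/root.key" -CAcreateserial \
        -extfile "$d/ssl.cnf" -extensions ca -days 1 -out "$d/ISSUING.PEM" 2>/dev/null || return 1
    openssl req -new $new_key -subj "/CN=demo-client" \
        -keyout "$d/client.key" -out "$d/client.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$d/client.csr" -CA "$d/ISSUING.PEM" -CAkey "$d/int.key" -CAcreateserial \
        -days 1 -out "$d/client.pem" 2>/dev/null || return 1
    openssl req -x509 $new_key -days 1 -subj "/CN=outsider" \
        -keyout "$d/outsider.key" -out "$d/outsider.pem" 2>/dev/null || return 1
}

# verify_with GROUP CERT: echo "accept" if CERT chains to the signers in GROUP, else "reject".
verify_with() {
    if openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; then echo accept; else echo reject; fi
}

work=$(mktemp -d) && trap 'rm -rf "$work"' EXIT
make_pki "$work" || { echo "openssl failed" >&2; exit 1; }
# The same two signer certificates, concatenated in both possible orders.
cat "$work/ISSUING.PEM" "$work/ROOT.PEM" > "$work/group_a.pem"
cat "$work/ROOT.PEM" "$work/ISSUING.PEM" > "$work/group_b.pem"
echo "issuing-first group, demo-client: $(verify_with "$work/group_a.pem" "$work/client.pem")"
echo "root-first group,    demo-client: $(verify_with "$work/group_b.pem" "$work/client.pem")"
echo "root-first group,    outsider:    $(verify_with "$work/group_b.pem" "$work/outsider.pem")"
```

Running the same check against candidate certificate files before they are imported shows which client certificates a given set of signers would admit.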

Related Commands

(config) crypto authgroup