Chaingroup Configuration Mode Commands
Chaingroup configuration mode commands allow you to add Secure Sockets Layer (SSL) certificate files to a chain group.
To create a new chain group (or modify an existing chain group) and access chaingroup configuration mode, use the crypto chaingroup command. The CLI prompt changes to (config-chaingroup). Use the no form of the command to delete an existing chain group.
crypto chaingroup group_name
no crypto chaingroup group_name
Syntax Description
group_name | Name that you assign to the chain group. Enter an unquoted text string with no spaces and a maximum of 64 alphanumeric characters.
Command Modes
Configuration mode
Admin and user contexts
Command History
Release | Modification
3.0(0)A1(2) | This command was introduced.
Usage Guidelines
This command requires the SSL feature in your user role. For details about role-based access control (RBAC) and user roles, see the Cisco Application Control Engine Module Virtualization Configuration Guide.
A chain group specifies the certificate chains that the ACE sends to its peer during the handshake process. A certificate chain is a hierarchical list of certificates that includes the subject's certificate, the root CA certificate, and any intermediate CA certificates. You include a chain group in the handshake process by configuring the SSL proxy-service with the chain group (see the (config) ssl-proxy service command).
The ACE supports the following certificate chain group capabilities:
• A chain group can contain up to eight certificate chains.
• Each context on the ACE can contain up to eight chain groups.
• The maximum size of a chain group is 16 KB.
Examples
To create the chain group MYCHAINGROUP, enter:
host1/Admin(config)# crypto chaingroup MYCHAINGROUP
Related Commands
(config) ssl-proxy service
(config-chaingroup) cert
To add certificate files to a chain group, use the cert command. Use the no form of the command to remove a certificate file from a chain group.
cert cert_filename
no cert cert_filename
Syntax Description
cert_filename | Name of an existing certificate file stored on the ACE. Enter an unquoted text string with no spaces and a maximum of 40 alphanumeric characters. To display a list of available certificate files, use the do show crypto files command.
Command Modes
Chaingroup configuration mode
Admin and user contexts
Command History
Release | Modification
3.0(0)A1(2) | This command was introduced.
Usage Guidelines
It is not necessary to add the certificates in any type of hierarchical order because the device verifying the certificates determines the correct order.
The ACE supports the following certificate chain group capabilities:
• A chain group can contain up to eight certificate chains.
• Each context on the ACE can contain up to eight chain groups.
• The maximum size of a chain group is 16 KB.
Examples
To add the certificate files MYCERTS.PEM, MYCERTS_2.PEM, and MYCERTS_3.PEM to the chain group, enter:
host1/Admin(config-chaingroup)# cert MYCERTS.PEM
host1/Admin(config-chaingroup)# cert MYCERTS_2.PEM
host1/Admin(config-chaingroup)# cert MYCERTS_3.PEM
To remove the certificate file MYCERTS_2.PEM from the chain group, enter:
host1/Admin(config-chaingroup)# no cert MYCERTS_2.PEM
Related Commands
(config) crypto chaingroup
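The naming and size limits listed above can be checked before any commands are entered. The following pre-flight check is an added example, not part of the Cisco documentation; plan_chaingroup and its helper are hypothetical names. It assumes the eight-entry limit is counted per certificate file, that the 16 KB limit is the sum of the PEM file sizes, and that the operator supplies those sizes:

```python
import re

# Limits quoted from this page.
MAX_GROUP_NAME_LEN = 64
MAX_CERT_NAME_LEN = 40
MAX_ENTRIES = 8               # assumption: counted per certificate file
MAX_GROUP_BYTES = 16 * 1024   # assumption: sum of the PEM file sizes


def _name_errors(kind, name, limit):
    """Names are unquoted strings with no spaces and a length limit."""
    errs = []
    if not name or re.search(r"\s", name):
        errs.append(f"{kind} {name!r}: must be non-empty with no spaces")
    if len(name) > limit:
        errs.append(f"{kind} {name!r}: longer than {limit} characters")
    return errs


def plan_chaingroup(group_name, certs):
    """certs: list of (cert_filename, size_in_bytes) as stored on the ACE.

    Returns (errors, commands); commands is empty if any check fails.
    """
    errors = _name_errors("group name", group_name, MAX_GROUP_NAME_LEN)
    seen = set()
    for fname, _size in certs:
        errors += _name_errors("cert file", fname, MAX_CERT_NAME_LEN)
        if fname in seen:
            errors.append(f"cert file {fname!r}: listed more than once")
        seen.add(fname)
    if len(certs) > MAX_ENTRIES:
        errors.append(f"{len(certs)} entries exceeds the limit of {MAX_ENTRIES}")
    total = sum(size for _f, size in certs)
    if total > MAX_GROUP_BYTES:
        errors.append(f"{total} bytes exceeds the {MAX_GROUP_BYTES}-byte limit")
    if errors:
        return errors, []
    # Only the command syntax documented on this page is emitted.
    commands = [f"crypto chaingroup {group_name}"]
    commands += [f"cert {fname}" for fname, _size in certs]
    return errors, commands


if __name__ == "__main__":
    # Constructed sample: file names from this page, sizes invented.
    sample = [("MYCERTS.PEM", 1850), ("MYCERTS_2.PEM", 1620), ("MYCERTS_3.PEM", 1410)]
    errs, cmds = plan_chaingroup("MYCHAINGROUP", sample)
    print("\n".join(errs or cmds))
```
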