Chapter 4
Using the Configuration Manager
78-13124-05

3. Enter SSL Configuration mode and create an intermediary certificate object
named CACert, entering into Certificate Configuration mode. Load the
DER-encoded CACertFile file into the certificate object, and return to SSL
Configuration mode.

(config[myDevice])# ssl
(config-ssl[myDevice])# cert CACert create
(config-ssl-cert[CACert])# der CACertFile
(config-ssl-cert[CACert])# end
(config-ssl[myDevice])#

4. Create a certificate object named localCert, load the PEM-encoded certificate
file, and return to SSL Configuration mode.

(config-ssl[myDevice])# cert localCert create
(config-ssl-cert[localCert])# pem localCertFile
(config-ssl-cert[localCert])# end
(config-ssl[myDevice])#

5. Enter Certificate Group Configuration mode, create the certificate group
CACertGroup, load the certificate object CACert, and return to SSL
Configuration mode.

(config-ssl[myDevice])# certgroup CACertGroup create
(config-ssl-certgroup[CACertGroup])# cert CACert
(config-ssl-certgroup[CACertGroup])# end
(config-ssl[myDevice])#

6. Enter Server Configuration mode, create the logical secure server server1,
assign an IP address, SSL and clear text ports, a security policy myPol, the
certificate group CACertGroup, certificate localCert, key localKey
(compatible with the local certificate), and exit to Privileged mode.

(config-ssl[myDevice])# server server1 create
(config-ssl-server[server1])# ip address 10.1.2.4
(config-ssl-server[server1])# localport 443
(config-ssl-server[server1])# remoteport 81
(config-ssl-server[server1])# secpolicy myPol
(config-ssl-server[server1])# certgroup chain CACertGroup
(config-ssl-server[server1])# cert localCert
(config-ssl-server[server1])# key localKey
(config-ssl-server[server1])# finished
SCA#
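
The steps above depend on three properties of the input files: CACertFile is DER-encoded, localCertFile is PEM-encoded, and the key is compatible with the local certificate, which in turn should be issued by the CA certificate placed in the group. The following workstation check is an added example, not part of the Cisco guide or the device software; it assumes the openssl command-line tool is installed and that the key is an unencrypted PEM file, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: workstation pre-flight for the files loaded in the steps above.
# Assumes the openssl CLI is installed; function names are hypothetical.

# CACertFile is loaded with `der`: it must be raw DER, not PEM armor.
is_der_cert() {
    ! grep -q -- '-----BEGIN' "$1" 2>/dev/null &&
        openssl x509 -inform DER -in "$1" -noout 2>/dev/null
}

# localCertFile is loaded with `pem`: it must carry certificate armor.
is_pem_cert() {
    grep -q -- '-----BEGIN CERTIFICATE-----' "$1" 2>/dev/null &&
        openssl x509 -inform PEM -in "$1" -noout 2>/dev/null
}

# "Compatible" key: its public half must equal the certificate's public key.
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# The local certificate must verify against the CA certificate. -partial_chain
# treats the intermediary as the trust anchor, so no root is needed here.
issued_by_ca() {
    ca_pem=$(mktemp) || return 1
    if openssl x509 -inform DER -in "$1" -out "$ca_pem" 2>/dev/null &&
        openssl verify -partial_chain -CAfile "$ca_pem" "$2" >/dev/null 2>&1
    then rc=0; else rc=1; fi
    rm -f "$ca_pem"
    return "$rc"
}

# usage: preflight CACertFile localCertFile localKeyFile
# Returns 0 if all checks pass, otherwise the number of the failed check.
preflight() {
    is_der_cert "$1" || { echo "CA file is not a DER certificate" >&2; return 1; }
    is_pem_cert "$2" || { echo "local file is not a PEM certificate" >&2; return 2; }
    key_matches_cert "$2" "$3" || { echo "key does not match certificate" >&2; return 3; }
    issued_by_ca "$1" "$2" || { echo "certificate not issued by CA" >&2; return 4; }
    echo "preflight ok"
}

if [ "$#" -eq 3 ]; then preflight "$@"; fi
```
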
Cisco 11000 Series Secure Content Accelerator Configuration Guide
Configuring Certificate Groups