Table of Contents
Advertisement
Configuring Certificate Groups
Configuring Certificate Groups
Example: Configuring a Certificate Group
Cisco 11000 Series Secure Content Accelerator Configuration Guide
4-18
Certificate groups are collections of certificates used for certificate chains and
client and server authentication. Certificate chains are used in certain
circumstances such as when a known, trusted CA (such as Thawte or VeriSign)
provides a certificate to attest that certificates created by an intermediary CA can
be trusted. For example, a company can create its own certificates for internal use
only; however, clients do not accept the certificates because they were not created
by a known CA. When private certificates are chained with the trusted CA
certificate, clients accept them during SSL negotiations.
The locally created certificate, the intermediary CA certificate signed by a trusted CA,
and any other intermediary certificates are loaded into individual certificate objects
that are combined into a certificate group. This example demonstrates how to:
Load an intermediate CA certificate into a certificate object
•
•
Create a certificate group
Enable using the group as a certificate chain
•
The name of the SSL device is myDevice. The name of the secure logical server
is server1. The name of the DER-encoded, intermediary CA certificate is
CACertFile. The name of the PEM-encoded certificate generated by the
intermediary CA is localCertFile. The name of the certificate group is
CACertGroup.
1.
Initiate a management session as described previously.
Enter Privileged and Configuration modes.
2.
SCA> enable
SCA# configure
(config[myDevice)#
Chapter 4
Using the Configuration Manager
78-13124-06
Advertisement
Table of Contents
Troubleshooting
