https://community.cisco.com/t5/application-networking/question-about-sslm-configure/m-p/1245031#M25831 <HTML><HEAD></HEAD><BODY><P>You can remove the certificate but you need to be in certificate chain configuration mode to delete certificates. An example configuration is provided here</P><P><A class="jive-link-custom" href="http://www.cisco.com/en/US/docs/ios/security/command/reference/sec_c5.html#wp1043434" target="_blank">http://www.cisco.com/en/US/docs/ios/security/command/reference/sec_c5.html#wp1043434</A> </P></BODY></HTML> Wed, 08 Apr 2009 22:06:37 GMT brispin 2009-04-08T22:06:37Z https://community.cisco.com/t5/application-networking/question-about-sslm-configure/m-p/1245030#M25830 <P>I have a question about our SSLM configure, please see the following example:</P><P></P><P>service aa-SSL </P><P> virtual ipaddr 172.25.17.15 protocol tcp port 443 secondary</P><P> server ipaddr 172.24.92.6 protocol tcp port 80</P><P> certificate rsa general-purpose trustpoint <A class="jive-link-custom" href="http://www.app.aa.com" target="_blank">www.app.aa.com</A></P><P> no nat server</P><P> inservice</P><P></P><P>crypto pki trustpoint <A class="jive-link-custom" href="http://www.app.aa.com" target="_blank">www.app.aa.com</A></P><P>revocation-check none</P><P>rsakeypair <A class="jive-link-custom" href="http://www.app.aa.com" target="_blank">www.app.aa.com</A></P><P></P><P>crypto ca import <A class="jive-link-custom" href="http://www.app.aa.com" target="_blank">www.app.aa.com</A> pkcs12 t<A class="jive-link-custom" href="ftp:xxx" target="_blank">ftp:xxx</A></P><P></P><P>======================================</P><P>Once we finish the configuration, we could find the corresponding cer in SSLM, like:</P><P></P><P>crypto pki certificate chain <A class="jive-link-custom" href="http://www.app.aa.com" target="_blank">www.app.aa.com</A></P><P></P><P>My first question is how to remove this cert if we want to decommission aa-ssl environment? Is it only with â&#128;&#156;no crypto pki certificate chain <A class="jive-link-custom" href="http://www.app.aa.comâ&#128;&#157;" target="_blank">www.app.aa.comâ&#128;&#157;</A> </P><P></P><P>If we have another environment like <A class="jive-link-custom" href="http://www.pre.app.aa.com" target="_blank">www.pre.app.aa.com</A> shared the same VIP with <A class="jive-link-custom" href="http://www.app.aa.com." target="_blank">www.app.aa.com.</A> My second question is could I create only one ssl entry with wildcard like the following configuration:</P><P></P><P>service aa-SSL </P><P> virtual ipaddr 172.25.17.15 protocol tcp port 443 secondary</P><P> server ipaddr 172.24.92.6 protocol tcp port 80</P><P> certificate rsa general-purpose trustpoint *.app.aa.com</P><P> no nat server</P><P> inservice</P><P></P><P>Please advice! I would appreciate it!</P> Thu, 02 Apr 2009 18:26:30 GMT https://community.cisco.com/t5/application-networking/question-about-sslm-configure/m-p/1245030#M25830 HWangLoyalty_2 2009-04-02T18:26:30Z https://community.cisco.com/t5/application-networking/question-about-sslm-configure/m-p/1245031#M25831 <HTML><HEAD></HEAD><BODY><P>You can remove the certificate but you need to be in certificate chain configuration mode to delete certificates. An example configuration is provided here</P><P><A class="jive-link-custom" href="http://www.cisco.com/en/US/docs/ios/security/command/reference/sec_c5.html#wp1043434" target="_blank">http://www.cisco.com/en/US/docs/ios/security/command/reference/sec_c5.html#wp1043434</A> </P></BODY></HTML> Wed, 08 Apr 2009 22:06:37 GMT https://community.cisco.com/t5/application-networking/question-about-sslm-configure/m-p/1245031#M25831 brispin 2009-04-08T22:06:37Z