https://community.cisco.com/t5/application-networking/ace-certificates-in-an-auth-group/m-p/2255715#M40356 <HTML><HEAD></HEAD><BODY><P>You said you have an ACE20 but it does not support A4 series, then do you have an ACE30 instead?</P><P></P><P>Jorge</P></BODY></HTML> Fri, 31 May 2013 12:13:27 GMT Jorge Bejarano 2013-05-31T12:13:27Z https://community.cisco.com/t5/application-networking/ace-certificates-in-an-auth-group/m-p/2255714#M40355 <P>Hi All</P><P></P><P>I am hoping someone is able to assist with the following: </P><P></P><P>I am trying to assign multiple certificates to a single VIP via an Auth-group, the current limitation is 4 certificates in a Auth-group in A3(3.5) and support for 10 certificates within a Auth-group seems to be in a released in (A4(1.0) but we are running an ACE-20. </P><P>&nbsp; </P><P>In terms of configuration we had to avoid using wildcard or giving out the same client SSL cert for different customers.&nbsp; The web service we host has multiple 3rd parties connecting to it to manage it for support etc.&nbsp; The 3rd parties can't be given the same client SSL cert for security reasons therefore we tried using the Auth-group and bundling a few together.</P><P></P><P>We are also constrained in creating multiple SSL services for the following reasons:</P><P></P><P>-&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Webservice URL is restricted and licensed with 1 DNS entry</P><P></P><P>-&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; URL is web based so it would be difficult for us to set different DNS &gt; IP addresses (each 3rd party hits a different SSL proxy but would use the same backend server farm)</P><P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </P><P>There seems to be discrepancy in the command documentation on A5(1.0):</P><P></P><P>Support for 10 certificates in an auth-group A2(3.0):</P><P></P><P><A href="http://www.cisco.com/en/US/docs/interfaces_modules/services_modules/ace/vA5_1_0/command/reference/authngrp.html#wp1032855">http://www.cisco.com/en/US/docs/interfaces_modules/services_modules/ace/vA5_1_0/command/reference/authngrp.html#wp1032855</A></P><P></P><P>Support for 10 certificates in an auth-group A4(1.0):</P><P></P><P><A href="http://www.cisco.com/en/US/docs/interfaces_modules/services_modules/ace/vA5_1_0/command/reference/config.html#wpxref63102">http://www.cisco.com/en/US/docs/interfaces_modules/services_modules/ace/vA5_1_0/command/reference/config.html#wpxref63102</A></P><P></P><P>Regards Craig</P> Mon, 27 May 2013 09:49:38 GMT https://community.cisco.com/t5/application-networking/ace-certificates-in-an-auth-group/m-p/2255714#M40355 craig bache 2013-05-27T09:49:38Z https://community.cisco.com/t5/application-networking/ace-certificates-in-an-auth-group/m-p/2255715#M40356 <HTML><HEAD></HEAD><BODY><P>You said you have an ACE20 but it does not support A4 series, then do you have an ACE30 instead?</P><P></P><P>Jorge</P></BODY></HTML> Fri, 31 May 2013 12:13:27 GMT https://community.cisco.com/t5/application-networking/ace-certificates-in-an-auth-group/m-p/2255715#M40356 Jorge Bejarano 2013-05-31T12:13:27Z https://community.cisco.com/t5/application-networking/ace-certificates-in-an-auth-group/m-p/2255716#M40357 <HTML><HEAD></HEAD><BODY><P>Craig for your information here you have this bug: </P><H6><A href="https://www.cisco.com/cisco/psn/bssprt/bss?searchType=bstbugidsearch&amp;page=bstBugDetail&amp;BugID=CSCuc96045" target="_blank">CSCuc96045</A></H6><P></P><TABLE border="0" cellpadding="5" cellspacing="2" width="100%"><TBODY><TR><TD colspan="2" style="font-size: 88%; padding: 8px 8px 8px 8px;"><STRONG>DOC:Authgroups are limited to 4 per context. This needs to be documented. </STRONG> </TD></TR><TR><TD style="font-size: 88%; padding: 0px 8px 8px 8px;" valign="top"><BR /> <STRONG>Symptom:</STRONG><BR />Document about Authgroup being limited to 4 per context need to be updated<P></P><STRONG><STRONG>Conditions</STRONG>:</STRONG><BR />When you try to configure authgroup in , there is a limitation of 4 authgroup per context.<BR />If you try to configure a 5'th one, following is what you get:<BR />Error: maximum number of authgroups already defined<P></P><STRONG>Workaround:</STRONG><BR />None.&nbsp; This is a documentation bug which is intended to update the documents&nbsp; about the Authgroup limit to 4 per context need to be updated. </TD></TR></TBODY></TABLE><P>Mark if this answers your question.</P><P></P><P>Jorge</P></BODY></HTML> Fri, 31 May 2013 12:28:24 GMT https://community.cisco.com/t5/application-networking/ace-certificates-in-an-auth-group/m-p/2255716#M40357 Jorge Bejarano 2013-05-31T12:28:24Z https://community.cisco.com/t5/application-networking/ace-certificates-in-an-auth-group/m-p/2255717#M40358 <HTML><HEAD></HEAD><BODY><P> Hi Jorge</P><P></P><P>Thank you for the response, with regrads to the A4 and the ACE-20 I was just pointing out this is not an option due to the hardware not supporting the software.</P><P></P><P>Many thanks Craig</P></BODY></HTML> Fri, 31 May 2013 12:53:23 GMT https://community.cisco.com/t5/application-networking/ace-certificates-in-an-auth-group/m-p/2255717#M40358 craig bache 2013-05-31T12:53:23Z