ACE certificates in an auth-group

craig bache
Level 1

Hi All

I am hoping someone is able to assist with the following:

I am trying to assign multiple certificates to a single VIP via an Auth-group. The current limitation is 4 certificates in an Auth-group in A3(3.5), and support for 10 certificates within an Auth-group seems to be released in A4(1.0), but we are running an ACE-20.

In terms of configuration, we had to avoid using wildcard or giving out the same client SSL cert for different customers. The web service we host has multiple 3rd parties connecting to it to manage it for support etc. The 3rd parties can't be given the same client SSL cert for security reasons, therefore we tried using the Auth-group and bundling a few together.

We are also constrained in creating multiple SSL services for the following reasons:

- Webservice URL is restricted and licensed with 1 DNS entry

- URL is web based so it would be difficult for us to set different DNS > IP addresses (each 3rd party hits a different SSL proxy but would use the same backend server farm)

There seems to be a discrepancy in the command documentation on A5(1.0):

Support for 10 certificates in an auth-group A2(3.0):

http://www.cisco.com/en/US/docs/interfaces_modules/services_modules/ace/vA5_1_0/command/reference/authngrp.html#wp1032855

Support for 10 certificates in an auth-group A4(1.0):

http://www.cisco.com/en/US/docs/interfaces_modules/services_modules/ace/vA5_1_0/command/reference/config.html#wpxref63102

Regards Craig

3 Replies

Jorge Bejarano
Level 4

You said you have an ACE20, but it does not support the A4 series; do you have an ACE30 instead?

Jorge

Jorge Bejarano
Level 4

Craig, for your information, here you have this bug:

CSCuc96045

DOC:Authgroups are limited to 4 per context. This needs to be documented.

Symptom:
Document about Authgroup being limited to 4 per context need to be updated

Conditions:
When you try to configure authgroup in , there is a limitation of 4 authgroup per context.
If you try to configure a 5th one, the following is what you get:
Error: maximum number of authgroups already defined

Workaround:
None. This is a documentation bug, which is intended to update the documents about the Authgroup limit of 4 per context.

Mark if this answers your question.

Jorge

Hi Jorge

Thank you for the response. With regards to the A4 and the ACE-20, I was just pointing out this is not an option due to the hardware not supporting the software.

Many thanks Craig
