Cisco Cisco ACE Application Control Engine Module
Release Note for the Cisco Application Control Engine Module
OL-22471-01
New Software Features in Version A2(2.0)
Bulk Importing of SSL Certificates and Key Pair Files
The bulk import feature allows you to import multiple SSL certificates and key-pair files at the same
time. Because this feature imports files with the names that they have on the remote server, consider the
following:
• The ACE fetches all files on the remote server that match the wildcard criteria. However, it
imports only files with names that have a maximum of 39 characters. If the name of a file exceeds
40 characters, the ACE does not import the file and discards it.
• If you attempt to import a file that has the same filename as an existing local file, the ACE does not
overwrite the existing file. Before importing the updated file, you must either rename the imported
file or delete the local file.
The crypto import command has been expanded to include a bulk keyword and its options and
arguments. The syntax of this command is as follows:
crypto import [non-exportable] bulk sftp [passphrase passphrase] ip_addr username remote_path
The keywords, options, and arguments are as follows:
• non-exportable—(Optional) Marks the imported file as nonexportable, which means that you
cannot export the file from the ACE.
• bulk—Specifies the importing of multiple certificate or key pair files simultaneously.
• sftp—Specifies the Secure File Transfer Protocol file transfer process.
• passphrase passphrase—(Optional) Indicates that the file was created with a passphrase, which you
must submit with the file transfer request in order to use the file. The passphrase pertains only to
encrypted PEM files and PKCS files. The passphrase should apply to all files being imported.
• ip_addr—IP address of the remote server. Enter an IP address in dotted-decimal notation (for
example, 192.168.12.15).
• username—Username required to access the remote server. When you execute the command, the
ACE prompts you for the password of the username on the remote server. Enter a name with a
maximum of 64 characters. Do not include spaces or the following special characters:
;<>\|‘@$&()
• remote_path—Remote path to the certificate or key pair files that reside on the remote server. The
ACE fetches only files specified by the path; it does not recursively fetch remote directories. Enter
a filename path including wildcards (for example, /remote/path/*.pem). The ACE supports POSIX
pattern matching notation, as specified in section 2.13 of the “Shell and Utilities” volume of IEEE
Std 1003.1-2004. This notation includes the “*”, “?” and “[” metacharacters.
To fetch all files from a remote directory, specify a remote path that ends with a wildcard character
(for example, /remote/path/*). Do not include spaces or the following special characters:
;<>\|‘@$&()
Note
After the crypto import bulk command initially executes, pressing Ctrl-C may not cancel it.
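A pre-flight check for the rules above, as an added example that is not part of the release note or Cisco's software: it sorts the file names in a staging directory by whether the ACE would import them, discard them for length, or leave them out because a local file already has that name, and it checks the username and remote_path arguments for forbidden characters. It assumes Python's fnmatch as a stand-in for the ACE's POSIX pattern matching, wildcards only in the last path component, and the stricter 39-character limit where the note's two figures differ; the function names and sample file names are constructed.

```python
import fnmatch
import posixpath

MAX_NAME_LEN = 39  # page: only names of at most 39 characters are imported
# Characters the page forbids in username and remote_path, plus space.
# Assumption: the page's curly quote may stand for ` or ', so all three are rejected.
FORBIDDEN = set(" ;<>\\|‘`'@$&()")

def check_argument(value, max_len=None):
    """Return a list of problems with a username or remote_path argument."""
    problems = []
    bad = sorted(set(value) & FORBIDDEN)
    if bad:
        problems.append("forbidden characters: " + " ".join(map(repr, bad)))
    if max_len is not None and len(value) > max_len:
        problems.append(f"longer than {max_len} characters")
    return problems

def plan_bulk_import(remote_path, remote_files, local_files):
    """Sort remote file names by the outcome the release note describes."""
    # Assumption: wildcards appear only in the last path component.
    pattern = posixpath.basename(remote_path)
    local = set(local_files)  # assumption: names compare exactly, case-sensitively
    plan = {"import": [], "too_long": [], "collision": [], "not_matched": []}
    for name in remote_files:
        if not fnmatch.fnmatchcase(name, pattern):
            plan["not_matched"].append(name)   # never fetched
        elif len(name) > MAX_NAME_LEN:
            plan["too_long"].append(name)      # fetched, then discarded
        elif name in local:
            plan["collision"].append(name)     # existing file is not overwritten
        else:
            plan["import"].append(name)
    return plan

# Constructed sample data, not taken from a real device or server.
SAMPLE_REMOTE = [
    "www.example.com.pem",
    "intermediate-ca.pem",
    "portal-internal-production-2025-renewal.pem",  # 43 characters
    "notes.txt",
]
SAMPLE_LOCAL = ["intermediate-ca.pem"]

if __name__ == "__main__":
    for problem in check_argument("certadmin", max_len=64):
        print("username:", problem)
    plan = plan_bulk_import("/remote/path/*.pem", SAMPLE_REMOTE, SAMPLE_LOCAL)
    for outcome, names in plan.items():
        print(f"{outcome:12} {names}")
```

Anything listed under too_long or collision is a certificate or key that would not reach the ACE, so rename or remove those files before running the import.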
at the
same time. See
for more information.