Cisco ACE Application Control Engine Module

Release Note for the Cisco Application Control Engine Module
OL-22471-01
New Software Features in Version A2(2.0)
For example, to import all files from an SFTP server, enter the following command:
host1/Admin# crypto import bulk sftp 1.1.1.1 JOESMITH /USR/KEYS/*
Initiating bulk import. Please wait, it might take a while...
Connecting to 1.1.1.1...
JOESMITH@1.1.1.1's Password: password
...
Bulk import complete. Summary:
Network errors: 0
Bad file URL: 0
Specified local files already exists: 0
Invalid file names: 1
Failed reading remote files: 5
Failed reading local files: 0
Failed writing local files: 0
Other errors: 0
Successfully imported: 10
host1/Admin#
For the complete syntax of and more information about the crypto import command, see the Cisco Application Control Engine Module SSL Configuration Guide for software version A2(1.0).
Rejecting Server Certificates Because of Expired CRL
When you configure Certificate Revocation Lists (CRLs) on the ACE for server authentication, as described in the  section, each CRL contains an update field that specifies the date when a new version of the CRL will be available. By default, the ACE continues to use a CRL whose update field holds a date that has already passed and, thus, does not reject incoming server certificates on the basis of that expired CRL.
To configure the ACE to consider a server certificate as revoked when the CRL in use has expired, use 
the expired-crl reject command in parameter map SSL configuration mode. The syntax of this 
command is as follows:
expired-crl reject
For example, enter the following command:
host1/Admin(config-parammap-ssl)# expired-crl reject
To reset the default behavior of the ACE of not considering a server certificate as revoked after the CRL 
in use has expired, enter the following command:
host1/Admin(config-parammap-ssl)# no expired-crl reject
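The following is an added illustration, not Cisco code or output, that models the two behaviours described above in Python: with the default, a server certificate is checked against the revoked serials even when the CRL's nextUpdate date has passed; with expired-crl reject, an expired CRL causes the certificate to be treated as revoked. The Crl class, the serials and the dates are constructed for the example.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from enum import Enum


class Verdict(Enum):
    ACCEPT = "accept"                      # serial is not on the CRL
    REVOKED = "revoked"                    # serial is listed on the CRL
    REJECT_EXPIRED_CRL = "reject-expired"  # CRL past nextUpdate and reject policy is on


@dataclass
class Crl:
    """Hypothetical model of the two CRL fields the check consults."""
    next_update: datetime                  # the CRL's nextUpdate ("update") field
    revoked_serials: set = field(default_factory=set)

    def is_expired(self, now: datetime) -> bool:
        # The CRL is expired once the date in its update field has passed
        return now > self.next_update


def server_cert_status(crl: Crl, serial: int, now: datetime,
                       expired_crl_reject: bool) -> Verdict:
    """Decide a server certificate's status against a CRL.

    expired_crl_reject=False models the default: an expired CRL is still used as-is.
    expired_crl_reject=True models 'expired-crl reject': any certificate checked
    against an expired CRL is considered revoked, whatever the CRL lists.
    """
    if crl.is_expired(now) and expired_crl_reject:
        return Verdict.REJECT_EXPIRED_CRL
    if serial in crl.revoked_serials:
        return Verdict.REVOKED
    return Verdict.ACCEPT


# Constructed sample data: one fresh CRL and one whose nextUpdate passed a day ago
NOW = datetime(2010, 6, 1, tzinfo=timezone.utc)
FRESH_CRL = Crl(next_update=NOW + timedelta(days=7), revoked_serials={0x2A})
STALE_CRL = Crl(next_update=NOW - timedelta(days=1), revoked_serials={0x2A})


if __name__ == "__main__":
    for name, crl in (("fresh", FRESH_CRL), ("stale", STALE_CRL)):
        for policy in (False, True):
            verdict = server_cert_status(crl, 0x99, NOW, policy)
            print(f"{name} CRL, expired-crl reject={policy}: serial 0x99 -> {verdict.value}")
```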