Cisco Cisco ACE Application Control Engine Module
Release Note for the Cisco Application Control Engine Module
OL-22471-01
New Software Features in Version A2(2.0)
For example, to import all files from an SFTP server, enter the following command:
host1/Admin# crypto import bulk sftp 1.1.1.1 JOESMITH /USR/KEYS/*
Initiating bulk import. Please wait, it might take a while...
Connecting to 1.1.1.1...
JOESMITH@1.1.1.1’s Password: password
...
Bulk import complete. Summary:
Network errors: 0
Bad file URL: 0
Specified local files already exists: 0
Invalid file names: 1
Failed reading remote files: 5
Failed reading local files: 0
Failed writing local files: 0
Other errors: 0
Successfully imported: 10
host1/Admin#
For the complete syntax of and more information about the crypto import command, see the Cisco
Application Control Engine Module SSL Configuration Guide for software version A2(1.0).
Rejecting Server Certificates Because of Expired CRL
When you configure Certificate Revocation Lists (CRLs) on the ACE for server authentication, as
described in the
section, the CRLs contain an update field that
specifies the date when a new version will be available. By default, the ACE continues to use CRLs that
contain an update field with an expired date and, thus, does not reject incoming server certificates using
the CRL.
To configure the ACE to consider a server certificate as revoked when the CRL in use has expired, use
the expired-crl reject command in parameter map SSL configuration mode. The syntax of this
command is as follows:
expired-crl reject
For example, enter the following command:
host1/Admin(config-parammap-ssl)# expired-crl reject
To reset the default behavior of the ACE of not considering a server certificate as revoked after the CRL
in use has expired, enter the following command:
host1/Admin(config-parammap-ssl)# no expired-crl reject
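
The difference between the default behavior and expired-crl reject, as an added Python example (not Cisco code and not part of the release note): it models the decision described above and lists CRLs whose update date has passed. It assumes the update date is read with `openssl crl -noout -nextupdate`; the CRL names, dates and serial numbers are constructed.

```python
from datetime import datetime, timezone

# Constructed sample: `openssl crl -noout -nextupdate` output for two
# hypothetical CRLs (names, dates and serials are made up).
SAMPLE_CRLS = {
    "CRL_INTERNAL": {"next": "nextUpdate=Mar  1 00:00:00 2011 GMT", "revoked": {0x1A2B}},
    "CRL_PARTNER": {"next": "nextUpdate=Jun 15 12:00:00 2011 GMT", "revoked": set()},
}

def parse_next_update(line):
    """Turn openssl's 'nextUpdate=<date> GMT' line into an aware UTC datetime."""
    key, _, value = line.strip().partition("=")
    if key != "nextUpdate":
        raise ValueError(f"not a nextUpdate line: {line!r}")
    parsed = datetime.strptime(value, "%b %d %H:%M:%S %Y GMT")
    return parsed.replace(tzinfo=timezone.utc)

def decide(serial, crl, now, expired_crl_reject):
    """Model of the behavior in the release note (an assumption, not ACE code)."""
    if serial in crl["revoked"]:
        return "reject: serial listed in CRL"
    if now > parse_next_update(crl["next"]):
        # The CRL's update date has passed: this is where the setting matters.
        if expired_crl_reject:
            return "reject: CRL expired"
        return "accept: expired CRL still in use"
    return "accept"

def stale_crls(crls, now):
    """Names of CRLs whose update date has passed, sorted for stable output."""
    return sorted(n for n, c in crls.items() if now > parse_next_update(c["next"]))

if __name__ == "__main__":
    now = datetime(2011, 4, 1, tzinfo=timezone.utc)  # constructed "current" time
    print("stale:", stale_crls(SAMPLE_CRLS, now))
    for name, crl in SAMPLE_CRLS.items():
        for flag in (False, True):
            print(name, "expired-crl reject" if flag else "default", "->",
                  decide(0x77, crl, now, flag))
```

With expired-crl reject configured, a CRL that is not refreshed before its update date causes every server certificate checked against it to be rejected, so the stale list is worth monitoring ahead of that date.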