Manuals / Cisco Systems / Computer Equipment / Switch

Cisco Systems 6500 pool ca, 2-51, Syntax Description, Defaults Command Modes Command History

Models: 6500

1 160

Download 160 pages 24.26 Kb

Page 77

pool ca

Chapter 2 Commands for the Catalyst 6500 Series SSL Services Module

pool ca

pool ca

To enter the certificate authority pool configuration submode, use the pool ca command. In the certificate authority pool configuration submode, you can configure a certificate authority pool, which lists the CAs that the module can trust.

pool ca ca-pool-name

Syntax Description

ca-pool-name

Certificate authority pool name.

Defaults

Command Modes

Command History

This command has no arguments or keywords.

Context subcommand mode

Release	Modification
SSL Services Module	Support for this command was introduced on the Catalyst 6500 series
Release 2.1(1)	switches.

SSL Services Module	The pool ca command (entered in context subcommand mode) replaces
Release 3.1(1)	the ssl-proxy pool ca command (entered in global subcommand mode).

Usage Guidelines			Enter each certificate-authority pool configuration submode command on its own line.
			Table 2-7lists the commands that are available in certificate-authority pool configuration submode.
			Table 2-7 Proxy-policy TCP Configuration Submode Command Descriptions

			Syntax	Description

			ca	Configures a certificate authority. The available subcommand is as follows:
				trustpoint ca-trustpoint-name—Configures a certificate-authority trustpoint.
				Use the no form of this command to return to the default setting.

			default	Sets a command to its default settings.

			exit	Exits from proxy-service configuration submode.

			help	Allows you to configure the connection-establishment timeout; valid values are
				from 5 to 75 seconds. Use the no form of this command to return to the default
				setting.


Examples			This example shows how to add a certificate-authority trustpoint to a pool:
			ssl-proxy(config)#ssl-proxy context s1
			ssl-proxy(config-context)# pool ca test1
			ssl-proxy(config-ctx-ca-pool)# ca trustpoint test20
			ssl-proxy(config-ctx-ca-pool)#
				Catalyst 6500 Series Switch SSL Services Module Command Reference


	OL-9105-01					2-51
	OL-9105-01					2-51

Image 77

Cisco Systems 6500 pool ca, 2-51, Syntax Description, Defaults Command Modes Command History, Release, Modification, exit

Contents

Catalyst 6500 Series Switch SSL Services Module Command Reference Corporate HeadquartersRelease Cisco Systems, Inc 170 West Tasman Drive San Jose, CATHE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS Definitions of Service Request Severity How to Find Command OptionsCommand-Line Interface C O N T E N T Sservice Commands for the Catalyst 6500 Series Switch SSL Services Moduleservice client natpoolssl-proxy pki snmp-server enableAcronyms A-1 show ssl-proxy vlanOL-9105-01 ContentsCatalyst 6500 Series Switch SSL Services Module Command Reference Commands for the Catalyst Command-Line InterfaceSeries Switch SSL Services PrefaceConvention Conventionsboldface font example, interface interface typeProduct Documentation DVD Obtaining DocumentationCisco.com Ordering Documentation Documentation FeedbackCisco Product Security Overview Obtaining Technical Assistance Reporting Security Problems in Cisco ProductsCisco Technical Support & Documentation Website Emergencies - security-alert@cisco.comDefinitions of Service Request Severity Submitting a Service Requestxiii Obtaining Additional Publications and InformationOL-9105-01 Catalyst 6500 Series Switch SSL Services Module Command ReferencePreface Obtaining Additional Publications and Information Getting Help, page How to Find Command Options, page Command-Line InterfaceUnderstanding Command Modes, page Using the No and Default Forms of Commands, pagePurpose How to Find Command OptionsCommand Table 1-2 How to Find Command Options CommandComment Table 1-2 How to Find Command Options continued Commandssl-proxyconfig-if# channel-group 1 mode auto ? ssl-proxyconfig-if# channel-group 1 mode autoAccess Method Understanding Command Modesconfigure terminal privileged EXEC configure terminalinterface command Using the No and Default Forms of Commandsimage using the boot system flash filename with an interfaceRegular Expressions Using the CLI String SearchSingle-Character Patterns Characteraeiou \$ \ \+abcdABCD a-dA-DMultipliers Multiple-Character Patternstelebit 3107 v32bis ba?bAnchoring AlternationA-Za-z0-9+ codex telebit1300 Parentheses for Recall1300$ 1300space space1300 1300, ,1300, 1300 ,1300 a.bc.\1\2Chapter 1 Command-Line Interface Using the CLI String Search 1-12Catalyst 6500 Series Switch SSL Services Module Command Reference OL-9105-01C H A P T E R Commands for the Catalyst 6500 Series Switch SSL Services ModuleDefaults service nameCommand Modes Command History clear ssl-proxy connclear ssl-proxy content all rewrite scanning module module clear ssl-proxy contentDefaults Command Modes Command History This example shows how to clear all of the content statisticsUsage Guidelines clear ssl-proxy sessionservice name DefaultsCommand Modes service nameclear ssl-proxy stats ssl tcp urlRelease Command History Usage Guidelines ExamplesModification context namecrypto pki export pem DefaultsCommand Modes Command History Releasecrypto pki import pem Examplescrypto pki import pem Defaults Command History Command HistorySyntax Description Release151129.901 %SYS-5-CONFIGI Configured from console by console 2-10Examples crypto pki export pem2-11 crypto pki export pkcs12Defaults Command Modes Command History ReleaseChapter 2 Commands for the Catalyst 6500 Series SSL Services Module 2-12Catalyst 6500 Series Switch SSL Services Module Command Reference ssl-proxyconfig# crypto pki export TP1 pkcs12 scp sky is blue2-13 crypto pki import pkcs12Defaults Command Modes Command HistoryChapter 2 Commands for the Catalyst 6500 Series SSL Services Module 2-14filename TP2? /users/admin-1/pkcs12/TP2.p12 Catalyst 6500 Series Switch SSL Services Module Command Referencecrypto key decrypt write rsa name key-name passphrase passphrase crypto key decrypt rsapassphrase passphrase 2-15crypto key encrypt write rsa name key-name passphrase passphrase crypto key encrypt rsa2-16 Defaults2-17 crypto key export rsa pemDefaults Command Modes Command History Syntax Description2-18 This example shows how to export a key from the SSL Services ModuleChapter 2 Commands for the Catalyst 6500 Series SSL Services Module Catalyst 6500 Series Switch SSL Services Module Command Reference2-19 crypto key import rsa pemDefaults Command Modes Command History Syntax DescriptionChapter 2 Commands for the Catalyst 6500 Series SSL Services Module 2-20ssl-proxyconfig# crypto key import rsa newkeys pem url scp password Catalyst 6500 Series Switch SSL Services Module Command Referencecrypto key lock rsa name key-name passphrase passphrase crypto key lock rsa2-21 Defaults Command Modes Command Historycrypto key unlock rsa name key-name passphrase passphrase crypto key unlock rsa2-22 Defaults Command Modes Command Historydebug ssl-proxy content typepki type ssl type tcp type vlan fdu type2-24 Command Historycontent type ReleaseExamples This example shows how to turn on App debugging2-25 Release Command ModesModification Usage Guidelinesdefault Syntax Description Defaults Command Modes Command Historyinterface ssl-proxy Syntaxtext string delay minimum min-delay standby group-number authenticationgroup-name preempt delayminimum priority priority redirects enableExamples 2-29Related Commands show interfaces ssl-proxy show ssl-proxy vlan show ssl-proxy natpool natpool2-30 Defaultspolicy health-probe tcp Syntax Description Defaults Command Modespolicy health-probe tcp policy-name failed-interval is 60 secondsopen-timeout seconds 2-32Syntax DescriptionRelated Commands show ssl-proxy policy show ssl-proxy service 2-33client-cert pem policy http-headeralias Field To InsertField To Insert 2-35Description ClientCert-Subject-CN2-36 Field to insertDescription Syntaxprefix client-ip-portsession 2-37Related Commands show ssl-proxy policy 2-38policy ssl timeout session timeout absolute2-39 DefaultsThis command was changed to add the following subcommands SSL Services ModuleThe policy ssl command entered in context subcommand mode replaces the ssl-proxy policy ssl command entered in global subcommand modetimeout handshake timeout renegotiation volume sizehelp renegotiation interval timeall-export-All export ciphers all-strong-All strong ciphers default 2-42Examples 2-43This example shows how to enter the SSL-policy configuration submode Chapter 2 Commands for the Catalyst 6500 Series SSL Services Module 2-44Catalyst 6500 Series Switch SSL Services Module Command Reference policy ssl2-45 policy tcpDefaults Command Modesdelayed-ack-timeout timer delayed-ack-threshold delayno timeout fin-wait timeout-in-seconds no timeout inactivity timeout-in-secondsno tos carryover no timeout reassembly time2-47 SyntaxThis example shows how to define the maximum size for the TCP segment 2-482-49 policy url-rewriteDefaults Command ModesExamples 2-50Enter the no form of the command to remove the policy 2-51 pool caDefaults Command Modes Command History defaultservice client command service2-52 Defaultsdefault certificate inservice nat server authenticate verify all signature-onlyinservice certificate rsa general-purpose trustpointSyntax 2-54Description virtual policy ssl ssl-policy-nameRelated Commands show ssl-proxy service 2-55policy health-probe tcp policy http-header service client2-56 Syntax Description Defaults Command Modesvirtual policy ssl ssl-policy-name nat server client natpool-namevirtual policy tcp vlan vlanExamples 2-58Related Commands show ssl-proxy service show interfaces ssl-proxy 0.subinterface show interfaces ssl-proxy2-59 Defaultsshow ssl-proxy buffers This command has no default settingsshow ssl-proxy buffers 2-60show ssl-proxy certificate-history show ssl-proxy certificate-history service name2-61 Defaults Command Modes Command HistoryChapter 2 Commands for the Catalyst 6500 Series SSL Services Module 2-62Catalyst 6500 Series Switch SSL Services Module Command Reference Examples2-63 Related Commands serviceChapter 2 Commands for the Catalyst 6500 Series SSL Services Module Catalyst 6500 Series Switch SSL Services Module Command Referenceshow ssl-proxy conn show ssl-proxy conn service name context name module moduleshow ssl-proxy conn module module 4tupleRelease 2-65Modification context nameChapter 2 Commands for the Catalyst 6500 Series SSL Services Module 2-66Catalyst 6500 Series Switch SSL Services Module Command Reference ssl-proxy# show ssl-proxy conn service iis1show ssl-proxy context name show ssl-proxy context2-67 Defaultsshow ssl-proxy crash-info brief details show ssl-proxy crash-infobrief detailsChapter 2 Commands for the Catalyst 6500 Series SSL Services Module 2-69Catalyst 6500 Series Switch SSL Services Module Command Reference show ssl-proxy crash-infoshow ssl-proxy mac address show ssl-proxy mac address2-70 Syntax Description Defaults Command Modes Command Historyshow ssl-proxy natpool namecontext name show ssl-proxy natpool2-71 Defaults Command Modes Command Historyurl-rewrite name show ssl-proxy policyhealth-probe tcp http-headerReassembly timeout 2-73Disabled Delayed ACK timerssl-proxy# show ssl-proxy policy health-probe tcp tcp-health 2-74policy tcp policy url-rewrite show ssl-proxy service namecontext name show ssl-proxy service2-75 Defaults Command Modes Command HistoryRelated Commands service 2-76Chapter 2 Commands for the Catalyst 6500 Series SSL Services Module show ssl-proxy serviceshow ssl-proxy stats contentshow ssl-proxy stats type 2-77Chapter 2 Commands for the Catalyst 6500 Series SSL Services Module 2-78Catalyst 6500 Series Switch SSL Services Module Command Reference ExamplesChapter 2 Commands for the Catalyst 6500 Series SSL Services Module 2-79show ssl-proxy stats ssl-proxy# show ssl-proxy stats pki PKI Memory Usage CountersChapter 2 Commands for the Catalyst 6500 Series SSL Services Module 2-80ssl-proxy# show ssl-proxy stats context Context name Default Catalyst 6500 Series Switch SSL Services Module Command ReferenceChapter 2 Commands for the Catalyst 6500 Series SSL Services Module 2-81ssl-proxy# show ssl-proxy stats content Catalyst 6500 Series Switch SSL Services Module Command Referenceshow ssl-proxy status fdu ssl tcp show ssl-proxy statusSyntax Description Optional Displays the FDU statusChapter 2 Commands for the Catalyst 6500 Series SSL Services Module 2-83Catalyst 6500 Series Switch SSL Services Module Command Reference show ssl-proxy statusshow ssl-proxy version show ssl-proxy version2-84 Syntax Description Defaults Command Modes Command Historyshow ssl-proxy vlan Related Commandsshow ssl-proxy vlan vlan-iddebugmodule module 2-85Defaults Command Modes Command History Examples snmp-server enableinforms trapsssl-proxy context name no ssl-proxy context name ssl-proxy contextPurpose and Guidelines description description2-88 Purpose and GuidelinesCommand Defaultsssl-proxy crypto selftest time-interval seconds ssl-proxy crypto selftestno ssl-proxy crypto selftest time-intervalssl-proxy mac address This example shows how to configure a MAC addressssl-proxy mac address mac-addr 2-90authenticate no ssl-proxy pki authenticate cache certificate historytimeout seconds timeout minutesExamples 2-92Related Commands show ssl-proxy stats ssl-proxy crypto key unlock rsa key-name passphrase passphrase ssl-proxy crypto key unlock rsa2-93 Defaults Command Modes Command Historyssl-proxy ip-frag-ttl time ssl-proxy ip-frag-ttl2-94 Syntax Description Defaults Command Modesssl-proxy ssl ratelimit no ssl-proxy ssl ratelimit ssl-proxy ssl ratelimit2-95 Defaultsstandby group-number authentication text string standby authenticationno standby group-number authentication text string 2-96standby delay minimum min-delay reload reload-delay standby delay minimum reloadno standby delay minimum min-delay reload reload-delay 2-972-98 show standby delayRelated Commands Chapter 2 Commands for the Catalyst 6500 Series SSL Services Modulestandby ip Defaults Command Modes Command History Usage Guidelines2-99 Syntax DescriptionExamples 2-100used by the hot standby group is learned using HSRP no standby group-number mac-address standby mac-addressAPPN 2-101Examples show standby2-102 standby mac-refresh seconds no standby mac-refresh standby mac-refresh2-103 Defaults Command Modes Command Historystandby name This example shows how to specifiy the standby name as SanJoseHAstandby name group-name no standby name group-name 2-1042-105 standby preemptDefaults Command Modes Command HistoryExamples 2-106ssl-proxy config-subif# standby preempt delay minimum no standby group-number priority priority standby priority2-107 Defaults Command Modes Command HistoryRelated Commands 2-108Chapter 2 Commands for the Catalyst 6500 Series SSL Services Module Catalyst 6500 Series Switch SSL Services Module Command Referencedisable enabletimers standby redirectsRelated Commands show standby This example shows how to allow HSRP to filter ICMP redirect messagesshow standby redirect 2-1102-111 standby timersDefaults Command Modes Command Historytimers 5 2-112standby timers msec 300 msec Examples2-113 standby trackDefaults Command Modes Command History Syntax DescriptionRouter B Configuration Router A ConfigurationRelated Commands standby preempt 2-114standby use-bia scope interface no standby use-bia standby use-biascope interface 2-115standby version This example shows how to configure HSRP versionstandby version 1 Specifies HSRP versionA P P E N D I X A AcronymsAcronym ExpansionTable A-1 List of Acronyms continued AcronymExpansion Expansion AcronymExpansion AcronymExpansion AcronymExpansion AcronymExpansion AcronymExpansion AcronymAcronym Catalyst 6500 Series Switch SSL Services Module Command ReferenceExpansion Table A-1 List of Acronyms continuedCatalyst 6500 Series Switch SSL Services Module Command Reference A-10Appendix A Acronyms OL-9105-01A P P E N D I X B Acknowledgments for Open-Source SoftwareOL-9105-01 Catalyst 6500 Series Switch SSL Services Module Command ReferenceAppendix B Acronyms Numerics SymbolsI N D E IN-1IN-2 secondary interface IN-3configuring IN-4 IN-5 Catalyst 6500 Series Switch SSL Services Module Command Reference IN-6Index OL-9105-01