Chapter 3 Using the QuickStart Wizard
Using the QuickStart Wizard
Cisco 11000 Series Secure Content Accelerator Configuration Guide
78-13124-06
To use a certificate already loaded into the appliance (including default
certificates) rather than a certificate on disk, type 2 when prompted to choose an
option. All available certificates are displayed. Enter the name of the certificate to
use. If you enter an invalid certificate name, you receive an error message and are
prompted to re-enter the certificate name.
Note
When using default keys and certificates, the certificate and key you
choose must match. The pre-loaded “default” and “default-512”
keys and certificates are interchangeable and can be used in
combination. The “default-1024” key and certificate must be used
together. If you have entered a key and certificate that cannot be
used together, you are asked whether to re-enter the key and
certificate. If you choose not to re-enter the key and certificate,
your choices are accepted, but the secure server is not configured
correctly and will not function properly.
After the certificate has been properly loaded, you are shown a summary and
asked to specify a security policy.
CONFIGURE SSL-SERVER ‘myServer’ SECURITY POLICY
SSL-server name   :myServer
IP address        :10.1.2.3
Secure Port       :443
Clear Port        :80
Key name          :default
Cert name         :default
You need to enter a security policy for ssl-server ‘myServer’.
To simplify the encryption algorithms, you have 3 options:
strong -RSA key size of 1024, DES_MD5, DES_SHA1, 3DES_MD5,
         3DES_SHA1, ARC4_MD5, and ARC4_SHA1
weak - RSA key size of 512, exp DES_SHA1, ARC2_MD5, ARC4_MD5,
         RSA key size of 1024, exp ARC2_MD5, DES_SHA1, ARC4_SHA1,
         MD5, and SHA1
default-RSA key size of 1024, ARC4_MD5, ARC4_SHA1 and exp ARC4_MD5,
         ARC4_SHA1, ARC2_MD5
         RSA key size of 512, exp ARC4_MD5, MD5, and SHA1
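
Added example (not part of the Cisco guide): a short Python audit that parses the three policy options exactly as the wizard prints them above and flags the key sizes and algorithms that current cryptographic guidance treats as weak. The finding labels and match patterns are the editor's assumptions, drawn from general guidance rather than from anything the guide states.

```python
import re

# Option text exactly as the wizard prints it on this page.
WIZARD_TEXT = """\
strong -RSA key size of 1024, DES_MD5, DES_SHA1, 3DES_MD5,
3DES_SHA1, ARC4_MD5, and ARC4_SHA1
weak - RSA key size of 512, exp DES_SHA1, ARC2_MD5, ARC4_MD5,
RSA key size of 1024, exp ARC2_MD5, DES_SHA1, ARC4_SHA1,
MD5, and SHA1
default-RSA key size of 1024, ARC4_MD5, ARC4_SHA1 and exp ARC4_MD5,
ARC4_SHA1, ARC2_MD5
RSA key size of 512, exp ARC4_MD5, MD5, and SHA1
"""

# Reviewer's checks (assumption: general crypto guidance, not Cisco's wording).
CHECKS = {
    "RSA-512 key": r"RSA key size of 512\b",
    "RSA-1024 key": r"RSA key size of 1024\b",
    "export-grade suite": r"\bexp\b",
    "single DES": r"\bDES_",   # \b keeps 3DES_ from matching
    "RC4": r"\bARC4_",
    "RC2": r"\bARC2_",
    "MD5 digest": r"MD5\b",
}

def parse_policies(text):
    """Join the wrapped lines into one string per policy name."""
    policies, current = {}, None
    for line in text.splitlines():
        m = re.match(r"(strong|weak|default)\s*-\s*(.*)", line)
        if m:
            current = m.group(1)
            policies[current] = m.group(2)
        elif current and line.strip():
            policies[current] += " " + line.strip()
    return policies

def audit(text):
    """Return {policy: sorted list of findings} for the wizard text."""
    return {name: sorted(label for label, rx in CHECKS.items() if re.search(rx, body))
            for name, body in parse_policies(text).items()}

if __name__ == "__main__":
    for name, findings in audit(WIZARD_TEXT).items():
        print(f"{name:8} {', '.join(findings)}")
```

On the text above, every option produces findings: strong avoids export-grade suites and 512-bit keys but still lists single DES, ARC4 and a 1024-bit RSA key.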