
Cisco 11503 - CSS Content Services Switch Configuration Guide

Cisco 11503 - CSS Content Services Switch
250 pages
4-19
Cisco Content Services Switch SSL Configuration Guide
OL-5655-01
Chapter 4 Configuring SSL Termination
Configuring Virtual SSL Servers for an SSL Proxy List
Assigning a CRL Record to the Virtual SSL Server
After you configure the CRL record, you can assign it to the virtual SSL server.
To assign the CRL record to the virtual SSL server, use the ssl-server number crl
command. You can assign only one CRL record to a virtual SSL server. For
example, to assign the mycrl CRL record, enter:
(config-ssl-proxy-list[ssl_list1])# ssl-server 20 crl mycrl
To remove the mycrl CRL record from a virtual SSL server, enter:
(config-ssl-proxy-list[ssl_list1])# no ssl-server 20 crl mycrl
Handling Client Authentication Failures
A client certificate can fail if it is invalid, expired, or revoked by a CA. By default,
when authentication of a client certificate fails on the CSS, the CSS rejects the
client connection.
Note: If a CSS cannot download the CRL, client connections will fail using a Revoked
SSL alert. To verify that the CRL has successfully loaded, use the show ssl
statistics ssl command.
You can configure how the CSS handles a failed client certificate through the
ssl-server number failure command and the following options:
• ignore - The CSS ignores client authentication failures and allows both
invalid and valid certificates to connect. For example, to configure the CSS to
ignore client authentication failures, enter:
(config-ssl-proxy-list[ssl_list1])# ssl-server 20 failure ignore
Note: If you configure the ignore option, it may create a security risk.
• reject - Resets the CSS default behavior of rejecting the client connection
when client authentication fails. For example, enter:
(config-ssl-proxy-list[ssl_list1])# ssl-server 20 failure reject
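
An added example (not from the Cisco guide): a Python check that replays the ssl-server crl and failure commands from a saved command listing, reports each virtual SSL server's effective CRL record and failure mode, and flags failure ignore. The sample listing is constructed, and its layout (an ssl-proxy-list line followed by the commands shown on this page) is an assumption.

```python
import re

# Constructed sample: commands from this page replayed in order; the
# "ssl-proxy-list <name>" header line is an assumed layout for the capture.
SAMPLE = """\
ssl-proxy-list ssl_list1
  ssl-server 20 crl mycrl
  ssl-server 20 failure ignore
  ssl-server 21 crl mycrl
  no ssl-server 21 crl mycrl
  ssl-server 22 failure ignore
  ssl-server 22 failure reject
"""

LIST_RE = re.compile(r"^ssl-proxy-list\s+(\S+)$")
CMD_RE = re.compile(r"^(no\s+)?ssl-server\s+(\d+)\s+(crl|failure)\s+(\S+)$")

def audit(text):
    """Replay commands and return {(list, server): {'crl', 'failure'}}."""
    state, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = LIST_RE.match(line)
        if m:
            current = m.group(1)
            continue
        m = CMD_RE.match(line)
        if not m or current is None:
            continue
        negate, num, kind, value = m.groups()
        # Default per the page: a failed client certificate is rejected.
        entry = state.setdefault((current, int(num)), {"crl": None, "failure": "reject"})
        if kind == "crl":
            # One CRL record per virtual SSL server; "no" removes it.
            if not negate:
                entry["crl"] = value
            elif entry["crl"] == value:
                entry["crl"] = None
        elif not negate and value in ("ignore", "reject"):
            entry["failure"] = value
    return state

def findings(state):
    """List servers whose failure mode lets invalid certificates connect."""
    return sorted(key for key, e in state.items() if e["failure"] == "ignore")

if __name__ == "__main__":
    for key, entry in sorted(audit(SAMPLE).items()):
        print(key, entry, "RISK" if entry["failure"] == "ignore" else "ok")
```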
