Chapter 4 Configuring SSL Termination
Configuring Virtual SSL Servers for an SSL Proxy List
4-22
Cisco Content Services Switch SSL Configuration Guide
OL-5655-01
To configure the CSS to insert client certificate fields in the HTTP header, use the
ssl-server number http-header client-cert command. For example:
(config-ssl-proxy-list[ssl_list1])# ssl-server 20 http-header
client-cert
To disable the insertion of client certificate fields and information in the HTTP
header, enter:
(config-ssl-proxy-list[ssl_list1])# no ssl-server 20 http-header
client-cert
Table 4-2 lists the inserted client certificate fields, description, format, and an
example. Depending on how the certificate was generated and what key algorithm
was used, all of these fields may not be present for the certificate.
Table 4-2 Client Certificate Fields Inserted in the HTTP Header
Client Certificate Field Description, Format, and Example
ClientCert-Fingerprint Description: Hash Output
Format: ASCII string of hexadecimal bytes separated by colons
Example: ClientCert-Fingerprint:
64:75:CE:AD:9B:71:AC:25:ED:FE:DB:C7:4B:D4:1A:BA
ClientCert-Subject-CN Description: X.509 subject’s common name
Format: String of characters representing the common name of
the subject to whom the certificate has been issued
Example: ClientCert-Subject-CN: www.cisco.com
ClientCert-Issuer-CN Description: X.509 Certificate Issuer’s Common Name
Format: String of characters representing the common name for
the certificate issuer
Example: ClientCert-Issuer-CN: www.exampleca.com
ClientCert-Certificate-Version Description: X.509 Certificate Version
Format: Numerical X.509 version (3, 2, or 1), followed by the
ASN.1 defined value for X.509 version (2, 1, or 0) in parentheses
Example: ClientCert-Certificate-Version: 3 (0x2)