Chapter 6 Configuring SSL Initiation
Troubleshooting SSL Initiation
6-30
Cisco Content Services Switch SSL Configuration Guide
OL-5655-01
Troubleshooting SSL Initiation
The following information is designed to assist you in troubleshooting issues that
you may encounter when configuring SSL initiation.
For issues with the SSL proxy list:
• Verify that you have configured the back-end server as type initiation. See the
“Configuring the Back-End Server as an SSL Initiation Server” section.
• Verify that you have added the SSL proxy list to a service of type ssl-init and
you have activated the service. See the “Configuring a Service for SSL
Initiation” section.
• Verify that you have added the SSL service to a content rule and you have
activated the content rule. See the “Configuring a Content Rule for SSL
Initiation” section.
For issues with client certificates:
• Verify that you have configured the client certificate and key on the
appropriate back-end server in the SSL proxy list. See the “Configuring
Client Certificates and Keys” section.
• Verify that you have added the SSL proxy list to a service of the type for
which the back-end server will be used. Use the type ssl-init command for
SSL initiation and the type ssl-accel-backend command for back-end SSL.
See the “Configuring a Service for SSL Initiation” section.
• Verify that you have added the SSL service to a content rule and that the
content rule is active. See the “Configuring a Content Rule for SSL Initiation”
section.
• Ensure that the SSL server is configured to request a client certificate.
• Use a sniffer on the back-end connection to verify that the server is requesting
a client certificate and that the CSS is sending the certificate.
To Next Page
Loading...
