Chapter 4 Configuring SSL Termination
Configuring Virtual SSL Servers for an SSL Proxy List
Cisco Content Services Switch SSL Configuration Guide
OL-5655-01
To reset the virtual port to the default of 443, enter:
(config-ssl-proxy-list[ssl_list1])# no ssl-server 20 port
Assigning Certificate, Key, and Cipher Suites for Server Authentication
The CSS supports server certificates that it sends to all clients for authentication.
To associate a certificate with a virtual SSL server, you must assign the certificates
and key that you have either imported to or generated on the CSS, as described in
Chapter 3, Configuring SSL Certificates and Keys. You must also assign the
cipher suite that corresponds to the certificates and keys.
The following sections provide information for configuring server authentication:
• Specifying the RSA Certificate Name
• Specifying the RSA Key Pair Name
• Specifying the DSA Certificate Name
• Specifying the DSA Key Pair Name
• Specifying the Diffie-Hellman Parameter Filename
• Specifying Cipher Suites
Specifying the RSA Certificate Name
To identify the name of an RSA certificate association to be used in the exchange
of a public/private key pair for authentication and packet encryption, use the
ssl-server number rsacert name command. To see a list of existing RSA certificate
associations, use the ssl-server number rsacert ? command.
The specified RSA certificate must already be loaded on the CSS and an
association made (see Chapter 3, Configuring SSL Certificates and Keys). If there
is not a proper RSA certificate association, when you activate the SSL proxy list,
the CSS logs an error message and does not activate the list.
For example, to specify a previously defined RSA certificate association named
myrsacert1, enter:
(config-ssl-proxy-list[ssl_list1])# ssl-server 20 rsacert myrsacert1
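Because the CSS refuses to activate a proxy list that references a missing RSA certificate association, the references can be checked before activation. The following Python check is an added example, not part of the Cisco guide: it scans command lines in the ssl-server number rsacert name form shown above and reports names that are not in a supplied set of associations. The sample lines, the association set and the function name are constructed for illustration, and exact, case-sensitive name matching is an assumption.

```python
import re

# Command form taken from this page: ssl-server <number> rsacert <name>,
# optionally preceded by a pasted CLI prompt such as "(config-...)# ".
RSACERT_RE = re.compile(
    r"^\s*(?:\(\S+\)#\s*)?ssl-server\s+(\d+)\s+rsacert\s+(\S+)\s*$"
)


def find_unresolved_rsacerts(lines, known_associations):
    """Return (line_no, server_number, name) for each rsacert reference
    whose name is not in known_associations (exact match, an assumption)."""
    findings = []
    for line_no, line in enumerate(lines, start=1):
        match = RSACERT_RE.match(line)
        if not match:
            continue  # other commands, e.g. "no ssl-server 20 port"
        server, name = int(match.group(1)), match.group(2)
        if name == "?":
            continue  # help query that lists associations, not an assignment
        if name not in known_associations:
            findings.append((line_no, server, name))
    return findings


# Constructed sample input; only the first and last lines appear on this page.
SAMPLE_LINES = [
    "(config-ssl-proxy-list[ssl_list1])# ssl-server 20 rsacert myrsacert1",
    "(config-ssl-proxy-list[ssl_list1])# ssl-server 20 rsacert ?",
    "ssl-server 21 rsacert myrsacert2",
    "ssl-server 22 rsacert MyRsaCert1",
    "(config-ssl-proxy-list[ssl_list1])# no ssl-server 20 port",
]
# Constructed: association names assumed to be already defined on the CSS.
KNOWN_ASSOCIATIONS = {"myrsacert1"}

if __name__ == "__main__":
    for line_no, server, name in find_unresolved_rsacerts(
        SAMPLE_LINES, KNOWN_ASSOCIATIONS
    ):
        print(f"line {line_no}: ssl-server {server} references "
              f"unknown RSA certificate association {name!r}")
```
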