EasyManuals Logo

Cisco 11503 - CSS Content Services Switch Configuration Guide

Cisco 11503 - CSS Content Services Switch
250 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Page #92 background imageLoading...
Page #92 background image
Chapter 4 Configuring SSL Termination
Configuring Virtual SSL Servers for an SSL Proxy List
4-10
Cisco Content Services Switch SSL Configuration Guide
OL-5655-01
Specifying the DSA Key Pair Name
DSA key pairs are used to sign packet data, and they are required before another
device (client or server) can exchange an SSL certificate with the CSS. Use the
ssl-server number dsakey name command to identify the name of a DSA key pair
association. To see a list of existing DSA key pair associations, use the ssl-server
number dsakey ? command.
The DSA key pair must already be loaded on the CSS and an association made
(see Chapter 3, Configuring SSL Certificates and Keys). If there is not a proper
DSA key pair association, when you activate the SSL proxy list, the CSS logs an
error message and does not activate the list.
For example, to specify a previously defined DSA key pair association named
dsakey, enter:
(config-ssl-proxy-list[ssl_list1])# ssl-server 20 dsakey mydsakey1
To remove a DSA key pair association from a specific virtual SSL server, enter:
(config-ssl-proxy-list[ssl_list1])# no ssl-server 20 dsakey
Specifying the Diffie-Hellman Parameter Filename
The Diffie-Hellman key exchange parameter file ensures that the two devices in a
data exchange cooperate to generate a shared key for packet encryption and
authentication. Use the ssl-server number dhparam name command to identify
the name of a Diffie-Hellman key exchange parameter file association. To see a
list of existing Diffie-Hellman key exchange parameter files, use the ssl-server
number dhparam ? command.
The Diffie-Hellman parameter file must already be loaded on the CSS and an
association made (see Chapter 3, Configuring SSL Certificates and Keys). If there
is not a proper Diffie-Hellman parameter file association, when you activate the
SSL proxy list, the CSS logs an error message and does not activate the list.
To specify a previously defined Diffie-Hellman parameter file association, enter:
(config-ssl-proxy-list[ssl_list1])# ssl-server 20 dhparam mydhparams1
To remove a Diffie-Hellman parameter file association from a specific virtual SSL
server, enter:
(config-ssl-proxy-list[ssl_list1])# no ssl-server 20 dhparam

Table of Contents

Other manuals for Cisco 11503 - CSS Content Services Switch

Preview: Administration Guide
Administration Guide392 pages

Questions and Answers:

Question and Answer IconNeed help?

Do you have a question about the Cisco 11503 - CSS Content Services Switch and is the answer not in the manual?

Cisco 11503 - CSS Content Services Switch Specifications

General IconGeneral
BrandCisco
Model11503 - CSS Content Services Switch
CategorySwitch
LanguageEnglish

Related product manuals