4-15
Cisco Content Services Switch SSL Configuration Guide
OL-5655-01
Chapter 4 Configuring SSL Termination
Configuring Virtual SSL Servers for an SSL Proxy List
Configuring Client Authentication
For additional security, you can configure the SSL proxy server to request
certificates from clients. By default, client certificate authentication is disabled.
When you enable client authentication, the CSS requires the client to exchange a
certificate during the SSL handshake. The CSS verifies that the:
• Client sending the certificate has a corresponding key
• Certificate has not expired
• Signature is valid
• Issuing CA has not revoked the certificate
You can configure how the CSS handles a certificate that has expired, is invalid,
or has been revoked.
The following sections provide information on configuring client authentication:
• Enabling Client Authentication
• Specifying CA Certificates for Client Certificate Verification
• Configuring a CRL Record
• Assigning a CRL Record to the Virtual SSL Server
• Handling Client Authentication Failures
To view client authentication configuration information, use the show
ssl-proxy-list ssl-server command. To view SSL counters for client
authentication-related activities, use the show ssl statistics command. See
Chapter 7, Displaying SSL Configuration Information and Statistics for more
information.
To Next Page
Loading...
Need help?
General
