Chapter 4 Configuring SSL Termination
Configuring Virtual SSL Servers for an SSL Proxy List
4-16
Cisco Content Services Switch SSL Configuration Guide
OL-5655-01
Enabling Client Authentication
By default, client authentication is disabled on the CSS. The authentication
option of the ssl-server command allows you to enable or disable client
authentication. For example, to enable client authentication, enter:
(config-ssl-proxy-list[ssl_list1])# ssl-server 20 authentication enable
To restore the default setting (client authentication disabled), enter:
(config-ssl-proxy-list[ssl_list1])# no ssl-server 20 authentication
You can also restore the default setting by using the disable option. For example, enter:
(config-ssl-proxy-list[ssl_list1])# ssl-server 20 authentication disable
After you enable client authentication on the CSS, you must specify a CA
certificate that the CSS uses to verify client certificates.
Specifying CA Certificates for Client Certificate Verification
CA certificates contain the public key of the CA. If a server has the CA public key,
it can verify that a client certificate was signed by the CA. If you assign a CA
certificate to a virtual SSL server, the CSS uses the key in the certificate to verify
the digital signature in the client certificate.
Note: You must configure a CA certificate before you activate the SSL proxy list.
Before you configure the certificate on a virtual SSL server, you must import a
CA certificate on the CSS and then associate it with a filename. For information
on importing a CA certificate, see the “Importing or Exporting Certificates and
Private Keys” section in Chapter 3, Configuring SSL Certificates and Keys. For
information on associating a certificate with a filename, see the “Associating a
Certificate with a File” section, also in Chapter 3, Configuring SSL Certificates and Keys.
You must configure at least one certificate; however, you can configure a
maximum of four certificates. If you try to configure more than four certificates,
the CSS displays an error message.