Configuring Virtual SSL Servers for an SSL Proxy List
Table 4-2
Client Certificate Fields Inserted in the HTTP Header
Client Certificate Field
ClientCert-Fingerprint
ClientCert-Subject-CN
ClientCert-Issuer-CN
ClientCert-Certificate-Version
Cisco Content Services Switch SSL Configuration Guide
4-22
To configure the CSS to insert client certificate fields in the HTTP header, use the
ssl-server number http-header client-cert command. For example:
(config-ssl-proxy-list[ssl_list1])# ssl-server 20 http-header
client-cert
To disable the insertion of client certificate fields and information in the HTTP
header, enter:
(config-ssl-proxy-list[ssl_list1])# no ssl-server 20 http-header
client-cert
Table 4-2
lists the inserted client certificate fields, description, format, and an
example. Depending on how the certificate was generated and what key algorithm
was used, all of these fields may not be present for the certificate.
Description, Format, and Example
Description: Hash Output
Format: ASCII string of hexadecimal bytes separated by colons
Example: ClientCert-Fingerprint:
64:75:CE:AD:9B:71:AC:25:ED:FE:DB:C7:4B:D4:1A:BA
Description: X.509 subject's common name
Format: String of characters representing the common name of
the subject to whom the certificate has been issued
Example: ClientCert-Subject-CN: www.cisco.com
Description: X.509 Certificate Issuer's Common Name
Format: String of characters representing the common name for
the certificate issuer
Example: ClientCert-Issuer-CN: www.exampleca.com
Description: X.509 Certificate Version
Format: Numerical X.509 version (3, 2, or 1), followed by the
ASN.1 defined value for X.509 version (2, 1, or 0) in parentheses
Example: ClientCert-Certificate-Version: 3 (0x2)
Chapter 4
Configuring SSL Termination
OL-5655-01