Chapter 6
Configuring SSL Initiation
OL-5655-01

To reset the buffer size to the default of 65536, enter:
(config-ssl-proxy-list[ssl_list1])# no backend-server 1 tcp buffer-share tx

Configuring Client Certificates and Keys
SSL servers frequently require that a client authenticate itself before a data
transfer can occur. To allow the client (in this case, the SSL module) to
authenticate itself to such a server, you must configure client certificates and keys
on the CSS.
To obtain a client certificate and key pair, contact your authorized certificate
authority (CA). Once the CA has prepared your client certificate and key pair, you
must import them into the CSS. For information about importing a certificate and
key pair, see the "Importing or Exporting Certificates and Private Keys" section in
Chapter 3, Configuring SSL Certificates and Keys. Once you have imported the
certificate and key pair, you must associate them with a filename. For information
about associating a certificate and key pair with filenames, see the "Associating
Certificate and Private Key Files with Names" section in Chapter 3, Configuring
SSL Certificates and Keys.
If the SSL module originates a connection to an SSL server that requests a client
certificate and no client certificate and key are configured on the CSS, the CSS
increments the Requested Client Certificate Not Sent counter.
When the SSL server does not receive the requested client certificate, it may close
the connection.
The following sections describe how to configure client certificates and keys.
Configuring Back-End SSL Servers in an SSL Initiation Proxy List
Cisco Content Services Switch SSL Configuration Guide
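The client certificate and key pair received from the CA can be checked before it is imported into the CSS. The script below is an added example, not part of the Cisco guide: it assumes an administrative workstation with the OpenSSL command-line tool, PEM files, and an unencrypted private key, and it confirms that the key belongs to the certificate, that the certificate has not expired, and that it is usable as an SSL client certificate. The function names and the self-signed sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: checks to run on a CA-issued client certificate and key pair
# before import. Assumes PEM files and an unencrypted private key.

# pair_matches CERT KEY: succeed only if KEY is the private key for CERT.
pair_matches() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# not_expired CERT: succeed if the certificate's notAfter date is still ahead.
not_expired() {
    openssl x509 -in "$1" -noout -checkend 0 >/dev/null 2>&1
}

# client_usable CERT: succeed if the extensions permit use as an SSL client.
client_usable() {
    openssl x509 -in "$1" -noout -purpose 2>/dev/null |
        grep -q '^SSL client : Yes'
}

# check_pair CERT KEY: print one verdict and return non-zero on any failure.
check_pair() {
    pair_matches "$1" "$2" || { echo "MISMATCH"; return 1; }
    not_expired "$1"       || { echo "EXPIRED"; return 1; }
    client_usable "$1"     || { echo "NOT-CLIENT"; return 1; }
    echo "OK"
}

# Constructed sample input: throwaway self-signed pairs standing in for the
# files a CA would issue (names and CN values are made up).
make_sample() {  # make_sample DIR NAME
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2.example" \
        -keyout "$1/$2.key" -out "$1/$2.pem" >/dev/null 2>&1
}

demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
make_sample "$demo_dir" client1
make_sample "$demo_dir" client2
check_pair "$demo_dir/client1.pem" "$demo_dir/client1.key" || true  # right key
check_pair "$demo_dir/client1.pem" "$demo_dir/client2.key" || true  # wrong key
```

A pair that fails any of these checks would leave the SSL module unable to complete client authentication with a back-end server that requests a certificate.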