Chapter 4
Configuring SSL Termination
Configuring Client Authentication
OL-5655-01
For additional security, you can configure the SSL proxy server to request
certificates from clients. By default, client certificate authentication is disabled.
When you enable client authentication, the CSS requires the client to exchange a
certificate during the SSL handshake. The CSS verifies that the:
• Client sending the certificate has a corresponding key
• Certificate has not expired
• Signature is valid
• Issuing CA has not revoked the certificate
You can configure how the CSS handles a certificate that has expired, is invalid,
or has been revoked.
The following sections provide information on configuring client authentication:
• Enabling Client Authentication
• Specifying CA Certificates for Client Certificate Verification
• Configuring a CRL Record
• Assigning a CRL Record to the Virtual SSL Server
• Handling Client Authentication Failures
To view client authentication configuration information, use the show
ssl-proxy-list ssl-server command. To view SSL counters for client
authentication-related activities, use the show ssl statistics command. See
Chapter 7, Displaying SSL Configuration Information and Statistics, for more
information.
Configuring Virtual SSL Servers for an SSL Proxy List
Cisco Content Services Switch SSL Configuration Guide