https://community.cisco.com/t5/application-networking/managing-ssl-certifications/m-p/1028937#M20439 <HTML><HEAD></HEAD><BODY><P>Hi Gilles,</P><P></P><P>Thank you for your support.</P><P></P><P>I thought the same thing but I wasn't sure and I would know your opinion.</P><P></P><P>Regards.</P><P></P><P>Giuseppe</P></BODY></HTML> Thu, 10 Apr 2008 12:10:30 GMT gpangallo 2008-04-10T12:10:30Z https://community.cisco.com/t5/application-networking/managing-ssl-certifications/m-p/1028935#M20437 <P>Hi, </P><P></P><P>I have configured on the CSS content rules for SSL traffic without using the SSL module and SSL proxy list but I noticed some issues regarding to the correct acquisition of the SSL certificate from the client side.</P><P></P><P>I would like to know if configuring the CSS as transparent Gateway for SSL can create those issues. </P><P>Moreover, how could I check it on CSS? </P><P>The CSS configuration is the following:</P><P></P><P>content HTTPS </P><P> port 3453 </P><P> protocol tcp </P><P> vip address 10.1xx.x.x </P><P> add service server_SSL_1 </P><P> add service server_SSL_2 </P><P> advanced-balance ssl </P><P> application ssl </P><P> active </P><P></P><P>service server_SSL_1 </P><P> keepalive port 3456</P><P> ip address 10.1xx.x.y</P><P> port 3456</P><P> active </P><P></P><P>service server_SSL_2 </P><P> keepalive port 3456 </P><P> ip address 10.1xx.x.z </P><P> port 3456</P><P> active</P><P></P><P>Thank you very much.</P><P></P><P>Best regards.</P><P></P><P>Giuseppe</P> Wed, 09 Apr 2008 15:17:47 GMT https://community.cisco.com/t5/application-networking/managing-ssl-certifications/m-p/1028935#M20437 gpangallo 2008-04-09T15:17:47Z https://community.cisco.com/t5/application-networking/managing-ssl-certifications/m-p/1028936#M20438 <HTML><HEAD></HEAD><BODY><P>I do not know any issue about acquisition of client cert.</P><P>Normally the CSS will just wait for the client ssl hello to detect the sslid but it will then pass all the information transparently to the server and the ssl handshake will continue between client and server.</P><P>Get a sniffer trace on the server to see what is going on.</P><P></P><P>Gilles.</P></BODY></HTML> Thu, 10 Apr 2008 10:46:58 GMT https://community.cisco.com/t5/application-networking/managing-ssl-certifications/m-p/1028936#M20438 Gilles Dufour 2008-04-10T10:46:58Z https://community.cisco.com/t5/application-networking/managing-ssl-certifications/m-p/1028937#M20439 <HTML><HEAD></HEAD><BODY><P>Hi Gilles,</P><P></P><P>Thank you for your support.</P><P></P><P>I thought the same thing but I wasn't sure and I would know your opinion.</P><P></P><P>Regards.</P><P></P><P>Giuseppe</P></BODY></HTML> Thu, 10 Apr 2008 12:10:30 GMT https://community.cisco.com/t5/application-networking/managing-ssl-certifications/m-p/1028937#M20439 gpangallo 2008-04-10T12:10:30Z