https://community.cisco.com/t5/application-networking/ssl-initiation-server-certificate-crl-check/m-p/378331#M6574 <HTML><HEAD></HEAD><BODY><P>I hope you mean that to do full authentication by checking CRL and Certificate ACLs. ssl module can do certificate caching to improve performance. Cat6k ssl module can do both client certificate authentication and server certificate authentication in ssl initiation case.Check with the below links for more information.</P><P></P><P>CRL</P><P><A class="jive-link-custom" href="http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/cfgnotes/ssl_2_1/ssl_cfg/config.htm#1252254" target="_blank">http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/cfgnotes/ssl_2_1/ssl_cfg/config.htm#1252254</A></P><P>Certificate ACL</P><P><A class="jive-link-custom" href="http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/cfgnotes/ssl_2_1/ssl_cfg/config.htm#1252138" target="_blank">http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/cfgnotes/ssl_2_1/ssl_cfg/config.htm#1252138</A></P><P>Certificate caching</P><P><A class="jive-link-custom" href="http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/cfgnotes/ssl_2_1/ssl_cfg/config.htm#1252599" target="_blank">http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/cfgnotes/ssl_2_1/ssl_cfg/config.htm#1252599</A></P><P>Server Certificate authentication</P><P><A class="jive-link-custom" href="http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/cfgnotes/ssl_2_1/ssl_cfg/config.htm#1280161" target="_blank">http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/cfgnotes/ssl_2_1/ssl_cfg/config.htm#1280161</A></P><P></P></BODY></HTML> Fri, 11 Feb 2005 15:27:31 GMT thomas.chen 2005-02-11T15:27:31Z https://community.cisco.com/t5/application-networking/ssl-initiation-server-certificate-crl-check/m-p/378330#M6573 <P>I got the SSL initiation setup working with the backend-server setup. The cleint certificate is checked via the CRL because there is CDP information in the certificate.</P><P></P><P>However we like to validate also the servercertificate. When we use a ssl-server configuration you can put in the ssl-server 10 crl xx command, this can not be done in a backend-server config. Anybody an Idea how the check the servercertificate against a CRL. </P> Mon, 07 Feb 2005 08:28:19 GMT https://community.cisco.com/t5/application-networking/ssl-initiation-server-certificate-crl-check/m-p/378330#M6573 eddiemeijer 2005-02-07T08:28:19Z https://community.cisco.com/t5/application-networking/ssl-initiation-server-certificate-crl-check/m-p/378331#M6574 <HTML><HEAD></HEAD><BODY><P>I hope you mean that to do full authentication by checking CRL and Certificate ACLs. ssl module can do certificate caching to improve performance. Cat6k ssl module can do both client certificate authentication and server certificate authentication in ssl initiation case.Check with the below links for more information.</P><P></P><P>CRL</P><P><A class="jive-link-custom" href="http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/cfgnotes/ssl_2_1/ssl_cfg/config.htm#1252254" target="_blank">http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/cfgnotes/ssl_2_1/ssl_cfg/config.htm#1252254</A></P><P>Certificate ACL</P><P><A class="jive-link-custom" href="http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/cfgnotes/ssl_2_1/ssl_cfg/config.htm#1252138" target="_blank">http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/cfgnotes/ssl_2_1/ssl_cfg/config.htm#1252138</A></P><P>Certificate caching</P><P><A class="jive-link-custom" href="http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/cfgnotes/ssl_2_1/ssl_cfg/config.htm#1252599" target="_blank">http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/cfgnotes/ssl_2_1/ssl_cfg/config.htm#1252599</A></P><P>Server Certificate authentication</P><P><A class="jive-link-custom" href="http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/cfgnotes/ssl_2_1/ssl_cfg/config.htm#1280161" target="_blank">http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/cfgnotes/ssl_2_1/ssl_cfg/config.htm#1280161</A></P><P></P></BODY></HTML> Fri, 11 Feb 2005 15:27:31 GMT https://community.cisco.com/t5/application-networking/ssl-initiation-server-certificate-crl-check/m-p/378331#M6574 thomas.chen 2005-02-11T15:27:31Z