https://community.cisco.com/t5/application-networking/css11501-and-client-certificate-processing/m-p/383247#M6713 <HTML><HEAD></HEAD><BODY><P>what's your version ?</P><P>Are you re-encrypting traffic in the backend ?</P><P>Or ar you using the header insert feature ?</P><P>What is your config ?</P><P></P><P>I do not think we touch the certificate.</P><P>We simply forward it as we receive it.</P><P>But I can verify.</P><P></P><P>Gilles.</P></BODY></HTML> Sun, 06 Mar 2005 10:58:05 GMT Gilles Dufour 2005-03-06T10:58:05Z https://community.cisco.com/t5/application-networking/css11501-and-client-certificate-processing/m-p/383246#M6712 <P></P><P>I use CSS 11501 to accelerate ssl sessions and autheticate users.</P><P>CSS gets the certificate from the client browser. The certificate DN contains for example:</P><P>"CN=info1, SERIALNUMBER=REGON: 321123321, OU=info2, O=info3, C=PL".</P><P>The CSS sends the certificate to beckend servers as:</P><P>"C=PL, O=info3, OU=info2 ADR, SN=REGON: 321123321, CN=info1".</P><P>There are two incorrect things:</P><P>1. The order of attributes in DN is reversed. This is not compliant with RCF 1779.</P><P>2. SERIALNUMBER is replaced to SN string.</P><P></P><P>How to resolve this problem ?</P><P></P> Fri, 04 Mar 2005 21:42:07 GMT https://community.cisco.com/t5/application-networking/css11501-and-client-certificate-processing/m-p/383246#M6712 robert 2005-03-04T21:42:07Z https://community.cisco.com/t5/application-networking/css11501-and-client-certificate-processing/m-p/383247#M6713 <HTML><HEAD></HEAD><BODY><P>what's your version ?</P><P>Are you re-encrypting traffic in the backend ?</P><P>Or ar you using the header insert feature ?</P><P>What is your config ?</P><P></P><P>I do not think we touch the certificate.</P><P>We simply forward it as we receive it.</P><P>But I can verify.</P><P></P><P>Gilles.</P></BODY></HTML> Sun, 06 Mar 2005 10:58:05 GMT https://community.cisco.com/t5/application-networking/css11501-and-client-certificate-processing/m-p/383247#M6713 Gilles Dufour 2005-03-06T10:58:05Z