https://community.cisco.com/t5/network-security/cisco-asa-ssl-proxy-with-client-certificates/m-p/2237969#M346263 <HTML><HEAD></HEAD><BODY><P>If by "<EM>validate SSL client-certificates against Microsofts Active Directory</EM>" you mean have the ASA confirm that the certificate the client holds is valid, it does it by checking its CRL, in case it uses that method, can also use OCSP as you might know.</P><P></P><P>Now, as for the "<EM>act as a SSL proxy between server and clien</EM>t" thingy, i know that the newest member of the ASA-frewall family, the ASA CX [it's actually a module], has a&nbsp; TLS/SSL proxy feature.</P><P></P><P>Couldn't find a document stating that fact though, i guess you can always reach out for your Cisco rep and get that clarified. </P></BODY></HTML> Wed, 17 Jul 2013 18:46:00 GMT Favaloro. 2013-07-17T18:46:00Z https://community.cisco.com/t5/network-security/cisco-asa-ssl-proxy-with-client-certificates/m-p/2237968#M346261 <P>Hi All,</P><P></P><P>A customer want to replace his old Microsoft ISA firewall with another device.</P><P>I thought of a redundant Cisco ASA pair. The new firewall has to meet the following requirement:</P><P></P><P>The new Firewall has to validate SSL client-certificates against Microsofts Active Directory</P><P>and act as a SSL proxy between server and client.</P><P></P><P>Does somebody know if that is possible with a Cisco ASA? Or maybe with another Cisco product?</P><P></P><P>Thank a ton,</P><P>Johannes</P> Tue, 12 Mar 2019 02:13:20 GMT https://community.cisco.com/t5/network-security/cisco-asa-ssl-proxy-with-client-certificates/m-p/2237968#M346261 jm 2019-03-12T02:13:20Z https://community.cisco.com/t5/network-security/cisco-asa-ssl-proxy-with-client-certificates/m-p/2237969#M346263 <HTML><HEAD></HEAD><BODY><P>If by "<EM>validate SSL client-certificates against Microsofts Active Directory</EM>" you mean have the ASA confirm that the certificate the client holds is valid, it does it by checking its CRL, in case it uses that method, can also use OCSP as you might know.</P><P></P><P>Now, as for the "<EM>act as a SSL proxy between server and clien</EM>t" thingy, i know that the newest member of the ASA-frewall family, the ASA CX [it's actually a module], has a&nbsp; TLS/SSL proxy feature.</P><P></P><P>Couldn't find a document stating that fact though, i guess you can always reach out for your Cisco rep and get that clarified. </P></BODY></HTML> Wed, 17 Jul 2013 18:46:00 GMT https://community.cisco.com/t5/network-security/cisco-asa-ssl-proxy-with-client-certificates/m-p/2237969#M346263 Favaloro. 2013-07-17T18:46:00Z