Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1070
Views
0
Helpful
3
Replies

2 Way SSL communication on the ACE.

Go to solution
sandevsingh
Level 1
Level 1

‎01-17-2014 07:37 AM

Hi, I have an ACE20 module runing  Version A2(3.6a). In my past, I have always done 1 way SSL termination on the ACE, wherein the client/browser initiates an SSL/https connection to the VIP on the ACE and authenticates the VIP. I have a requirement in which we need to also authenticate the client from the ACE. (2 way SSL). Is this supported? Can you please guide me to some configuration document?

thnx

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Kanwaljeet Singh
Cisco Employee
Cisco Employee

‎01-17-2014 07:40 AM

Hi Sandev,

Yes it is supported. Please visit the below link and visit section "Client Authentication:.

http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/ace_appliances/vA3_1_0/configuration/ssl/guide/terminat.html#wp1117637

Regards,

Kanwal

View solution in original post

0 Helpful
3 Replies 3

Go to solution
Kanwaljeet Singh
Cisco Employee
Cisco Employee

‎01-17-2014 07:40 AM

Hi Sandev,

Yes it is supported. Please visit the below link and visit section "Client Authentication:.

http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/ace_appliances/vA3_1_0/configuration/ssl/guide/terminat.html#wp1117637

Regards,

Kanwal

0 Helpful

Go to solution
sandevsingh
Level 1
Level 1
In response to Kanwaljeet Singh

‎01-17-2014 07:49 AM

Thanks... It says that a significant performance decrease may result while doing this. 

This makes me think of a different scenario. - Let`s say i do end-to-end SSL all the way to my servers, and instead of the ACE authenticating the client, I leave the servers to do this part. In other words, ACE just acts as a pass-through for the client SSL authentication. Will this work?

0 Helpful

Go to solution
Kanwaljeet Singh
Cisco Employee
Cisco Employee
In response to sandevsingh

‎01-17-2014 08:18 AM

Hi Sandev,

In end to end SSL ACE acts as a client. So ACE shall present a certificate to the backend server for client authentication. You should be able to configure a SSL Cert and Key on the ACE for it to use as the "client"..

This cert is what the ACE will use when the SSL server sends the CertificateRequest Message in the SSL handshake.

I haven't tested this myself but it should work fine and not sure if that would have an equal impact on performance or not.

Regards,

Kanwal

0 Helpful
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card