
Can't communicate SSL to backend web proxies

v.hanna
Level 1

Are there any known issues relating to using self signed certificates to the backend?

We are unable to negotiate a successful SSL session via the web through the CSS to backend servers.

Software version is sg07.30.3.13s


Gilles Dufour
Cisco Employee

Where is the self signed certificate ?

Is it on CSS or on server ?

Is the server doing client authentication ?

A self-signed certificate should work, whatever config you have, but you need to make sure the certificate is *trusted* by the remote peer.

Gilles.

The SSL Module within the CSS conducts the client auth and encryption.

The self signed is being used to the backend purely for encryption purposes.

Victor

Victor,

are you doing backend-ssl [client-CSS encrypted and also css-server encrypted] or ssl-initiation [client-css cleartext and css-server encrypted]?

For backend-ssl a sample config is at :

http://www.cisco.com/en/US/products/hw/contnetw/ps792/products_configuration_example09186a0080220dab.shtml

If you are doing ssl initiation this is different from backend-ssl.

The config is slightly different as described here :

http://www.cisco.com/en/US/products/hw/contnetw/ps792/products_configuration_guide_chapter09186a0080292a22.html

Also, SSL initiation requires version 7.40 at the minimum.

Gilles.

Backend-ssl.

We have found the cause of the issue. It was a bad self signed cert created by the backend webseal proxy. We re-cut a self signed cert on an Apache box and after reimporting this it fixed the issue.

Thanks for your help.

Victor
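
The thread does not say what was wrong with the original certificate. As an added example (not from the posters or from Cisco), here is one way to re-cut a self-signed certificate with OpenSSL and sanity-check it before importing it on the peer that has to trust it. The CN, the file names and the choice of checks are assumptions, not details from the thread.

```shell
#!/bin/sh
# Added example: re-cut a self-signed certificate and sanity-check it
# before import. CN and file names are placeholders (assumptions).

# make_selfsigned DIR CN DAYS: writes DIR/server.key and DIR/server.crt
make_selfsigned() {
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 \
        -subj "/CN=$2" -days "$3" \
        -keyout "$1/server.key" -out "$1/server.crt" 2>/dev/null
}

# Hash of the DER form of a PEM public key read from stdin.
pubkey_hash() {
    openssl pkey -pubin -outform DER 2>/dev/null | openssl dgst -sha256
}

# check_cert CRT KEY: prints one line per defect, returns 0 if none found
check_cert() {
    crt=$1; key=$2; rc=0
    # 1. The file must parse as an X.509 certificate at all.
    if ! openssl x509 -in "$crt" -noout 2>/dev/null; then
        echo "not a parseable X.509 certificate"; return 1
    fi
    # 2. Must stay valid for at least 7 more days (604800 seconds).
    if ! openssl x509 -in "$crt" -noout -checkend 604800 >/dev/null 2>&1; then
        echo "expires within 7 days"; rc=1
    fi
    # 3. The certificate's public key must belong to the private key.
    cpub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null | pubkey_hash)
    kpub=$(openssl pkey -in "$key" -pubout 2>/dev/null | pubkey_hash)
    if [ "$cpub" != "$kpub" ]; then
        echo "private key does not match certificate"; rc=1
    fi
    # 4. The self-signature must verify with the cert as its own trust
    #    anchor, as it will once the peer has imported it as trusted.
    if ! openssl verify -CAfile "$crt" "$crt" >/dev/null 2>&1; then
        echo "self-signature does not verify"; rc=1
    fi
    return "$rc"
}

# Demo on a freshly generated (constructed) certificate.
tmp=$(mktemp -d)
make_selfsigned "$tmp" backend.example.test 365
check_cert "$tmp/server.crt" "$tmp/server.key" && echo "certificate OK"
rm -rf "$tmp"
```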
