05-19-2005 12:03 AM
Are there any known issues relating to using self signed certificates to the backend?
We are unable to negotiate a successful SSL session via the web through the CSS to backend servers.
Software version is sg07.30.3.13s
05-19-2005 03:38 AM
Where is the self signed certificate ?
Is it on CSS or on server ?
Is the server doing client authentication ?
Self signed certificate should work, whatever config you have, but it requires to make sure the certificate is *trusted* by the remote peer.
Gilles.
05-19-2005 03:05 PM
The SSL Module within the CSS conducts the client auth and encryption.
The self signed is being used to the backend purely for encryption purposes.
Victor
05-20-2005 04:13 AM
Vctor,
are you doing backend-ssl [client-CSS encrypted and als o css-server encrypted] or ssl-initiation [client-css cleartext and css-server encrypted] ?
For backend-ssl a sample config is at :
If you are doing ssl initiation this is different from backend-ssl.
The config is slightly different as described here :
Also, SSL initiation requires version 7.40 at the minimum.
Gilles.
05-22-2005 12:34 AM
Backend-ssl.
We have found the cause of the issue. It was a bad self signed cert created by the backend webseal proxy. We re-cut a self signed cert on an Apache box and after reimporting this it fixed the issue.
Thanks for you help.
Victor
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide