
can the SSL module send a client certificate to the back-end server?

ROMAN TOMASEK
Level 1

Hi,

I have a question about sending the client certificate to the back-end server. Is it possible? I need to resend the client certificate from the SSL module to the back-end server for authentication and accounting. I will terminate the client session on the SSL module and then I will make a session from the SSL module to the back-end server (end-to-end encryption). How do I configure it? Thank you very much.

Roman

2 Replies

efairbanks
Level 1

Roman,

Check out this section. The whole article can be found at http://www.cisco.com/en/US/products/hw/contnetw/ps792/products_configuration_guide_chapter09186a0080292a76.html#wp1023546

Inserting Client Certificate Information

When you need to send client certificate information to the back-end server, you can configure the CSS to insert client certificate fields and associated information into the HTTP header. To add a prefix to the fields, see the "Adding a Prefix to the Fields Inserted in the HTTP Header" section.

--------------------------------------------------------------------------------

Note: If the SSL proxy list and its service are active, suspend the service and then the proxy list before configuring or disabling HTTP header insertion. Afterward, reactivate the SSL proxy list and activate its service.

--------------------------------------------------------------------------------

To configure the CSS to insert client certificate fields in the HTTP header, use the ssl-server number http-header client-cert command. For example:

(config-ssl-proxy-list[ssl_list1])# ssl-server 20 http-header client-cert

To disable the insertion of client certificate fields and information in the HTTP header, enter:

(config-ssl-proxy-list[ssl_list1])# no ssl-server 20 http-header client-cert

Table 4-2 lists the inserted client certificate fields, description, format, and an example. Depending on how the certificate was generated and what key algorithm was used, all of these fields may not be present for the certificate.

Hi Efair,

Thank you for your advice. Can I use this solution when the SSL module terminates the SSL session from the client and then starts an encrypted session with the back-end server? So for an end-to-end encrypted session?

Thanks
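
A back-end check for the header insertion described in the reply above, as an added example that is not part of this thread or of Cisco's guide: the server uses certificate headers for authentication only when the connection comes from the SSL module, and rejects duplicated fields, because header values are plain request text that any sender can supply. The proxy address, the `ClientCert-` prefix and the `Subject-CN` field name are assumptions; Table 4-2 of the linked guide lists the actual fields.

```python
import ipaddress

# Assumptions (not from the thread): the SSL module's back-end-facing address
# and the header prefix. Take the real field names from Table 4-2 of the guide.
TRUSTED_PROXIES = [ipaddress.ip_network("192.0.2.10/32")]  # constructed value
CERT_PREFIX = "clientcert-"  # assumed prefix, matched case-insensitively


class UntrustedCertHeaders(Exception):
    """Certificate headers that must not be used for authentication."""


def client_cert_fields(peer_ip, headers):
    """Return {field: value} for proxy-inserted certificate headers.

    peer_ip: source address of the TCP connection to the back-end server.
    headers: list of (name, value) pairs in the order received.
    An empty dict means the request carries no certificate identity.
    """
    cert_headers = [(name.lower(), value.strip()) for name, value in headers
                    if name.lower().startswith(CERT_PREFIX)]
    if not cert_headers:
        return {}
    addr = ipaddress.ip_address(peer_ip)
    if not any(addr in net for net in TRUSTED_PROXIES):
        # Only the SSL module has verified a certificate; other peers have not.
        raise UntrustedCertHeaders(f"certificate headers from peer {peer_ip}")
    fields = {}
    for name, value in cert_headers:
        key = name[len(CERT_PREFIX):]
        if key in fields:
            # Two copies of one field: one may have been sent by the client.
            raise UntrustedCertHeaders(f"duplicate field {key}")
        fields[key] = value
    return fields


if __name__ == "__main__":
    # Constructed sample request, as it would arrive from the SSL module.
    request = [("Host", "app.example"), ("ClientCert-Subject-CN", "roman")]
    print(client_cert_fields("192.0.2.10", request))
```

For the end-to-end encrypted case asked about above, the same check applies on the back-end server after it has decrypted the request from the SSL module.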
