Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
672
Views
0
Helpful
1
Replies

Cisco CSS Client Authentication

davidbuit
Level 1
Level 1

‎10-22-2008 06:12 PM

I have a few questions in this regard..

1.) Is it possible to use self signed certs for the client authentication, baring in mind you need to point the CSS to the CRL?

2.) I need to run around 20 different VIP's (probably on the same IP but with different tcp ports), all requiring their own individual certificate for client auth. Is there a limit to the number of client authentication certificates I can load on a 11501S device?

3.) Can someone provide me with a working configuration example for client authentication on a CSS?

Labels:
0 Helpful
1 Reply 1

Gilles Dufour
Cisco Employee
Cisco Employee

‎10-23-2008 04:58 AM

client authentication means the CSS will request the client to send its own certificate and we will check its validity with the configured CA and configured CRL.

It has nothing to do with the CSS certificate.

So, you could have a self signed certificate on the CSS. That doesn't change anything for client authentication.

The same IP thing is probably not a good thing if you want to assign the certificate to different domain.

A dns request will only return an ip address and no port.

So you may end up with all requests going to the same ip and port 443.

I think the limit is 256 ssl-proxy server.

Check config guide for assistance :

http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/css11500series/v7.50/configuration/ssl/guide/terminat.html#wp999318

Gilles.

0 Helpful
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card