11-25-2004 10:38 AM
Hi,
I have a problem with client authorization on a CSS11501. The client auth worked on a SCA 11000 and we're trying to migrate to the CSS but as soon as we configure ssl-server 1 authentication enable and the ssl-server 1 cacert xxx the webpage stops working.
On the SCA the certificate was a chained with another, on the CSS they are not chained.
Is this why it doesn't work?
Thanks,
Niels
11-26-2004 12:11 AM
Niels,
is it a new certificate or is it the same one ?
You should now if the certificate is chained or not
Here is a link to the procedure to install a chained certificate on the CSS.
http://www.cisco.com/en/US/products/hw/contnetw/ps792/products_tech_note09186a00801de89b.shtml
Regards,
Gilles.
02-09-2005 12:57 PM
I got client authentication to work only after upgrading my CSS-11503 to sg0740107s
02-25-2005 02:19 AM
Gilles, can you confirm that this version of code is required then to get client authentication working?
I am having problems getting it working with version
sg0740007s using the following code:
ssl-server 7
ssl-server 7 vip address x.x.x.x
ssl-server 7 cipher rsa-with-3des-ede-cbc-sha x.x.x.x 8050
ssl-server 7 rsakey testkey
ssl-server 7 rsacert testcert
ssl-server 7 cacert root-ca
ssl-server 7 cacert subcert
ssl-server 7 failure redirect
ssl-server 7 failure-url http://www.service_css.com
ssl-server 7 authentication enable
02-25-2005 03:24 AM
I would say it should work with both.
However, we changed a lot of things regarding authentication between the 2 images.
The most important bugs are
CSCef35877, CSCeg40412
Regards,
Gilles.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide