Client Authorization doesn't work WebNS 7.40

ns · ‎11-25-2004

Hi,

I have a problem with client authorization on a CSS11501. The client auth worked on a SCA 11000 and we're trying to migrate to the CSS but as soon as we configure ssl-server 1 authentication enable and the ssl-server 1 cacert xxx the webpage stops working.

On the SCA the certificate was a chained with another, on the CSS they are not chained.

Is this why it doesn't work?

Thanks,

Niels

Gilles Dufour · ‎11-26-2004

Niels,

is it a new certificate or is it the same one ?

You should now if the certificate is chained or not

Here is a link to the procedure to install a chained certificate on the CSS.

http://www.cisco.com/en/US/products/hw/contnetw/ps792/products_tech_note09186a00801de89b.shtml

Regards,

Gilles.

d.alves · ‎02-09-2005

I got client authentication to work only after upgrading my CSS-11503 to sg0740107s

c.downie · ‎02-25-2005

Gilles, can you confirm that this version of code is required then to get client authentication working?

I am having problems getting it working with version

sg0740007s using the following code:

ssl-server 7

ssl-server 7 vip address x.x.x.x

ssl-server 7 cipher rsa-with-3des-ede-cbc-sha x.x.x.x 8050

ssl-server 7 rsakey testkey

ssl-server 7 rsacert testcert

ssl-server 7 cacert root-ca

ssl-server 7 cacert subcert

ssl-server 7 failure redirect

ssl-server 7 failure-url http://www.service_css.com

ssl-server 7 authentication enable

Gilles Dufour · ‎02-25-2005

I would say it should work with both.

However, we changed a lot of things regarding authentication between the 2 images.

The most important bugs are

CSCef35877, CSCeg40412

Regards,

Gilles.