cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
529
Views
0
Helpful
3
Replies

CSS11500 Client Authentication

drex_72
Level 1
Level 1

We are trying to implement Client Authentication through our CSS11506. Some of our users use a different certificate to authenticate. I have the ssl-proxy-list configured correctly, but when I try to add a 2nd cacert, I get a message saying a certificate has already been configured (sorry I dont have the exact error message).

Unless I'm reading the documentation wrong, I thought you could have up to 4 certificates loaded. Or is that just for server authentication & not client?

We are using WebNS version 7.50.2.05.

Our ssl-proxy-list:

ssl-server 40

ssl-server 40 vip address x.x.x.x

ssl-server 40 rsacert serv_cert

ssl-server 40 rsakey serv_key

ssl-server 40 cipher rsa-with-rc4-128-md5 x.x.x.x 80 weight 5

ssl-server 40 urlrewrite 20 some.url.mil

ssl-server 40 cacert rootcert

ssl-server 40 authentication enable

3 Replies 3

I'm afraid that document doesn't mention anything about client authentication.

drex_72
Level 1
Level 1

Well I've gotten a step further. I can load multiple CACERTS into the content switch. However, it seems only the first CACERT I add is doing the authentication. If the client does not authenticate to the first cacert correctly, then it doesn't try the 2nd cacert. It just immediately fails.

Review Cisco Networking for a $25 gift card