Re: Install additional CA to authenticate linksys clients

ranjtech74 · ‎06-19-2008

Hello,

Is it possible for me to install a CA root certificate, provided by Linksys so that linksys devices, which have client-certificates built-in, can authenticate against that CA root? This way, only devices will be able to access the protected content from our web-servers instead of someone being able to just hit the URL in a web-browser and access that content/files. I can't find any documentation on it, so thought I'd ask here.

If this is possible to do, then how? We have the CSS11501S-K9 model of CSS. Thanks in advance

\R

Diego Vargas · ‎06-19-2008

Well not sure if the Linksys device itself can act as a SSL client and use the certificate to authenticate with the CSS.

The CSS does support client authentication for sure and you can install the CA cert on the CSS, this is usually used with client's browsers showing the client certificate to the CSS.

Here are the details to configure SSL Client Authentication:

http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/css11500series/v8.10/configuration/ssl/guide/terminat.html#wp999318

Hoope it helps!!

ranjtech74 · ‎06-19-2008

Hi Diego,

yes that helps a lot. Weird that I actually knew it did allow for it but when I started looking for the actual documentation (which was almost a yr after I saw it the first time) I couldn't find it. Thanks so much. BTW, the Linksys client can act as an SSL client when requested to present its built-in certificate.

Just one last question, does this need to be set in a new ssl virtual server of its own or does it need to be in the ssl-server config for where the server SSL cert resides as this connection is over HTTPS after all and the server (CSS) will have to have a certificate of its own installed.

Thanks again

\R