This is a bit of an odd one, so please stick with me!
A bit of background:
We currently visit a secure 3rd party website from our company, in order to identify our company to the website we have to use a client-side certificate to authenticate us (before we then login to the website).
As we have a large number of machines loading a client-certificate on to each one has not proved agile enough (this is more a legacy thing). So to work around this we have used a Stunnel proxy which the clients are forwared too (HTTP), which then proxies the connection as HTTPS and provides the end website with the Client Cert and does all the bits for SSL. The Stunnel service was meant to be a tempory workaround, about 3 or so years ago (don't you just love those?) and is hosted on a desktop PC which has recently started to crash - there's no real support on this either - which leads me onto the question:
Can the ACE module replace the Stunnel Box in this scenario?
Is it possibile to load a client certificate onto the ACE and get it to provide this to an end webserver. I realise that the ACE is probably not designed for this function, however this would get us onto something more stable and has a better internal support function.
I've attached a really basic diagram of how the connectivity operates - but I'm happy to consider suggestions on alternative ways of doing it.
Hi,There was a leaf Switch live in our fabric which was having some issues . We got an RMA for it and replaced the new leaf Switch with the same Node ID. After replacement we are unable to SSH the new leaf Switch from APIC .getting some error for RSA keys...
Hi, I am trying to create multiple subnets in one bridge domain using postman for ACI automation. I want to know if there is a document specific to the automation mentioned above. Can someone help me with this please. I am using global variables for ...
Bridge the gap between infrastructure and applications with Cisco Hyperflex Application Platform and Intersight Workload Optimizer.
Hyperflex Application Platform (HXAP)
See Hyperflex in Action
Cisco listens to the business needs of cu...
I have ip flapping issue in cisco ACI environmentas the topology:I found that when icmp reply from 220.127.116.11 to 18.104.22.168,these icmp reply packets will be sent to SW13 and SW14 at the same time,the icmp reply packets which sent to SW13 with S-I...
There is a Global ACI option (SYSTEM > SYSTEM SETTINGS >> Fabric Wide Setting | Enforce Domain Validation) that forces ACI to check that an EPG is linked to a Domain. The Cisco Application Centric Infrastructure Design Guide White Paper ...