
SSL Initiation Server Certificate CRL check

eddiemeijer
Level 1

I got the SSL initiation setup working with the backend-server setup. The client certificate is checked via the CRL because there is CDP information in the certificate.

However, we would also like to validate the server certificate. When we use an ssl-server configuration you can put in the ssl-server 10 crl xx command; this cannot be done in a backend-server config. Does anybody have an idea how to check the server certificate against a CRL?

1 Reply

thomas.chen
Level 6

I hope you mean doing full authentication by checking CRL and certificate ACLs. The SSL module can do certificate caching to improve performance. The Cat6k SSL module can do both client certificate authentication and server certificate authentication in the SSL initiation case. Check the links below for more information.

CRL

http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/cfgnotes/ssl_2_1/ssl_cfg/config.htm#1252254

Certificate ACL

http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/cfgnotes/ssl_2_1/ssl_cfg/config.htm#1252138

Certificate caching

http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/cfgnotes/ssl_2_1/ssl_cfg/config.htm#1252599

Server Certificate authentication

http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/cfgnotes/ssl_2_1/ssl_cfg/config.htm#1280161
