managing SSL certifications

Answered Question
Apr 9th, 2008

Hi,


I have configured content rules on the CSS for SSL traffic without using the SSL module and SSL proxy list, but I noticed some issues regarding the correct acquisition of the SSL certificate from the client side.


I would like to know if configuring the CSS as transparent Gateway for SSL can create those issues.

Moreover, how could I check it on CSS?

The CSS configuration is the following:


content HTTPS
  port 3453
  protocol tcp
  vip address 10.1xx.x.x
  add service server_SSL_1
  add service server_SSL_2
  advanced-balance ssl
  application ssl
  active

service server_SSL_1
  keepalive port 3456
  ip address 10.1xx.x.y
  port 3456
  active

service server_SSL_2
  keepalive port 3456
  ip address 10.1xx.x.z
  port 3456
  active


Thank you very much.


Best regards.


Giuseppe

Correct Answer
Gilles Dufour (Cisco Employee) Thu, 04/10/2008 - 03:46

I do not know of any issue with acquisition of the client cert.

Normally the CSS will just wait for the client SSL hello to detect the sslid, but it will then pass all the information transparently to the server, and the SSL handshake will continue between client and server.

Get a sniffer trace on the server to see what is going on.


Gilles.

gpangallo Thu, 04/10/2008 - 05:10

Hi Gilles,


Thank you for your support.


I thought the same thing, but I wasn't sure and I wanted to know your opinion.


Regards.


Giuseppe
