Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
406
Views
0
Helpful
2
Replies

managing SSL certifications

Go to solution
gpangallo
Level 1
Level 1

‎04-09-2008 08:17 AM

Hi,

I have configured on the CSS content rules for SSL traffic without using the SSL module and SSL proxy list but I noticed some issues regarding to the correct acquisition of the SSL certificate from the client side.

I would like to know if configuring the CSS as transparent Gateway for SSL can create those issues.

Moreover, how could I check it on CSS?

The CSS configuration is the following:

content HTTPS

port 3453

protocol tcp

vip address 10.1xx.x.x

add service server_SSL_1

add service server_SSL_2

advanced-balance ssl

application ssl

active

service server_SSL_1

keepalive port 3456

ip address 10.1xx.x.y

port 3456

active

service server_SSL_2

keepalive port 3456

ip address 10.1xx.x.z

port 3456

active

Thank you very much.

Best regards.

Giuseppe

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Gilles Dufour
Cisco Employee
Cisco Employee

‎04-10-2008 03:46 AM

I do not know any issue about acquisition of client cert.

Normally the CSS will just wait for the client ssl hello to detect the sslid but it will then pass all the information transparently to the server and the ssl handshake will continue between client and server.

Get a sniffer trace on the server to see what is going on.

Gilles.

View solution in original post

0 Helpful
2 Replies 2

Go to solution
Gilles Dufour
Cisco Employee
Cisco Employee

‎04-10-2008 03:46 AM

I do not know any issue about acquisition of client cert.

Normally the CSS will just wait for the client ssl hello to detect the sslid but it will then pass all the information transparently to the server and the ssl handshake will continue between client and server.

Get a sniffer trace on the server to see what is going on.

Gilles.

0 Helpful

Go to solution
gpangallo
Level 1
Level 1
In response to Gilles Dufour

‎04-10-2008 05:10 AM

Hi Gilles,

Thank you for your support.

I thought the same thing but I wasn't sure and I would know your opinion.

Regards.

Giuseppe

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents