CSS 11501s - Client Authentication

Unanswered Question
Apr 15th, 2008

Can anyone help with this please??


We are currently trying to configure client authentication on the ssl proxy list.

When we associate a cacert, enable the authentication and sniff the client side, we can see a successful handshake but then the connection is rejected with a cacert failure. We are confident that certificates and keys are all correct, but cannot make a successful client auth connection. Any ideas on anything that we might be overlooking?


Regards


ZAin


my config ...


!*********************** SSL PROXY LIST ***********************
ssl-proxy-list NN4B-TR-PROXY-list
ssl-server 1
ssl-server 1 vip address 192.168.***.*
ssl-server 1 cipher rsa-with-3des-ede-cbc-sha 192.168.***.** 80
ssl-server 1 rsacert nn4bcert
ssl-server 1 rsakey nn4bkey
ssl-server 1 cacert cacert
(authentication currently disabled)
active
**************************************************************************


If anyone needs any further information let me know, I will be happy to provide.


What does the content rule look like that points to the SSL-Proxy-List?


Are you certain of the cipher suite terms (rsa-with-3des-ede-cbc-sha)?


Do a 'Show SSL Association' command and verify the key/cert associations are there. If not, see the following command: 'SSL Associate'


Let us know.
