CSS 11501s - Client Authentication

zain.karbani
Level 1

Can anyone help with this please??

We are currently trying to configure client authentication on the SSL proxy list.

When we associate a cacert, enable the authentication and sniff the client side, we can see a successful handshake but then the connection is rejected with a cacert failure. We are confident that certificates and keys are all correct, but cannot make a successful client auth connection. Any ideas on anything that we might be overlooking?

Regards

Zain

my config ...

!*********************** SSL PROXY LIST ***********************

ssl-proxy-list NN4B-TR-PROXY-list

ssl-server 1

ssl-server 1 vip address 192.168.***.*

ssl-server 1 cipher rsa-with-3des-ede-cbc-sha 192.168.***.** 80

ssl-server 1 rsacert nn4bcert

ssl-server 1 rsakey nn4bkey

ssl-server 1 cacert cacert

(authentication currently disabled)

active

**************************************************************************

If anyone needs any further information let me know, I will be happy to provide.


jphilope
Level 3

What does the content rule look like that points to the SSL-Proxy-List?

Are you certain of the cipher suite terms (rsa-with-3des-ede-cbc-sha)?

Do a 'Show SSL Association' command and verify the key/cert associations are there. If not, see the following command: 'SSL Associate'

Let us know.