05-13-2009 12:48 PM
Hello
I'm trying to configure SSL client authentication in the ACE module. The config looks like this:
crypto authgroup CLI_AUTHENTICATION
  cert CA
ssl-proxy service SSL-test
  authgroup CLI_AUTHENTICATION
  cert cert.pem
  key key.pem
The config works OK without the client authentication feature.
The CA cert is the CA certificate that signed the test user certificate.
When I try to connect via IE, the browser asks me which certificate I'd like to use, but when I choose the correct one, I receive a message that the session could not be established.
I've checked the logs on the ACE, but there is no information about SSL problems.
I've also tried to use "debug ssl all", but it does not return any output.
Does anybody know why it might not work?
Thanks in advance
Regards
Lucas
05-13-2009 05:40 PM
Hi Luckaszk,
Which mode are you using: routed, bridged, or one-arm? Kindly tell. Also, have you configured a chaingroup and parameter map for the same?
As it is not clear from your config, it is not sufficient to comment on right now.
Can you send the output of the following commands so I can suggest more on your config:
ACE-1/routed# show crypto files
ACE-1/routed# show crypto certificate all
ACE-1/routed# show crypto key all
ACE-1/routed# show crypto session
ACE-1/routed# show crypto hardware
ACE-1/routed# show service-policy
Kindly find below the SSL config example:
All examples:
http://docwiki.cisco.com/wiki/Category:Data_Center_Application_Services_Configuration_Examples
Sachin Garg
05-21-2009 05:19 AM
05-19-2009 11:51 AM
Do "show stats crypto server" before and after the client attempt to see which counter increments (SSL alert). Make sure the clock on the supervisor has the correct date to avoid the not-before/not-after check of the cert.
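The two checks raised in this thread (the CA really signed the user certificate, and the verifier's clock falls inside the certificate's not-before/not-after window) can be reproduced off the ACE with the openssl CLI. This is an added example, not part of the original thread; the throwaway CA, the subject names and the file names are constructed for the demo, and it assumes openssl is installed.

```shell
#!/bin/sh
# Constructed demo PKI: a throwaway CA and one client certificate, 30-day validity.
make_pki() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=Demo CA" \
    -keyout "$1/ca.key" -out "$1/ca.pem" 2>/dev/null &&
  openssl req -newkey rsa:2048 -nodes -subj "/CN=demo-user" \
    -keyout "$1/user.key" -out "$1/user.csr" 2>/dev/null &&
  openssl x509 -req -in "$1/user.csr" -CA "$1/ca.pem" -CAkey "$1/ca.key" \
    -CAcreateserial -days 30 -out "$1/user.pem" 2>/dev/null
}

# verify_at DIR EPOCH
# Verifies user.pem against ca.pem as if the verifier's clock read EPOCH.
# Prints "ok" or "rejected"; openssl's reason goes to stderr.
verify_at() {
  if out=$(openssl verify -attime "$2" -CAfile "$1/ca.pem" "$1/user.pem" 2>&1); then
    echo ok
  else
    printf '%s\n' "$out" | grep 'error' >&2 || true
    echo rejected
  fi
}

# Demo: correct clock, clock one year behind, clock one year ahead.
dir=$(mktemp -d) && make_pki "$dir" || exit 1
now=$(date +%s)
for t in $((now + 60)) $((now - 31536000)) $((now + 31536000)); do
  echo "clock=$t -> $(verify_at "$dir" "$t")"
done
rm -rf "$dir"
```

A clock set a year behind yields "certificate is not yet valid" and a clock a year ahead yields "certificate has expired", even though the chain itself is correct.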
05-21-2009 05:47 AM