Cisco Support Community
Community Member

2 Way SSL communication on the ACE.

Hi, I have an ACE20 module running Version A2(3.6a). In the past, I have always done 1 way SSL termination on the ACE, wherein the client/browser initiates an SSL/https connection to the VIP on the ACE and authenticates the VIP. I have a requirement in which we need to also authenticate the client from the ACE (2 way SSL). Is this supported? Can you please guide me to some configuration document?

thnx

Accepted Solutions
Cisco Employee

Hi Sandev,

Yes, it is supported. Please visit the link below and see the section "Client Authentication".

http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/ace_appliances/vA3_1_0/configuration/ssl/guide/terminat.html#wp1117637

Regards,

Kanwal

Community Member

Thanks... It says that a significant performance decrease may result while doing this. 

This makes me think of a different scenario. Let's say I do end-to-end SSL all the way to my servers, and instead of the ACE authenticating the client, I leave the servers to do this part. In other words, the ACE just acts as a pass-through for the client SSL authentication. Will this work?

Cisco Employee

Hi Sandev,

In end-to-end SSL, the ACE acts as a client. So the ACE shall present a certificate to the backend server for client authentication. You should be able to configure an SSL cert and key on the ACE for it to use as the "client".

This cert is what the ACE will use when the SSL server sends the CertificateRequest Message in the SSL handshake.

I haven't tested this myself, but it should work fine. I'm not sure whether that would have an equal impact on performance or not.

Regards,

Kanwal
