Hi, I have an ACE20 module runing Version A2(3.6a). In my past, I have always done 1 way SSL termination on the ACE, wherein the client/browser initiates an SSL/https connection to the VIP on the ACE and authenticates the VIP. I have a requirement in which we need to also authenticate the client from the ACE. (2 way SSL). Is this supported? Can you please guide me to some configuration document?
Thanks... It says that a significant performance decrease may result while doing this.
This makes me think of a different scenario. - Let`s say i do end-to-end SSL all the way to my servers, and instead of the ACE authenticating the client, I leave the servers to do this part. In other words, ACE just acts as a pass-through for the client SSL authentication. Will this work?
In end to end SSL ACE acts as a client. So ACE shall present a certificate to the backend server for client authentication. You should be able to configure a SSL Cert and Key on the ACE for it to use as the "client"..
This cert is what the ACE will use when the SSL server sends the CertificateRequest Message in the SSL handshake.
I haven't tested this myself but it should work fine and not sure if that would have an equal impact on performance or not.
Moquery is the command line cousin of Vizore, it's very helpful and efficient sometimes during the troubleshooting. This article aims to provide moquery cheat sheet to the users for some most common seen scenarios.
Here is the checklist before customers/partners contact Cisco TAC:
Firmware Version of APIC and Switch
Download Switch and APIC techsupport logs
Problem description (Symptoms with details)
Business impact (eg, what kind of services...
moquery usageAPIC moquerySwitchmoquery
This document discuss a common issue observed during the VMM integration & VM workload migration to ACI fabric.
VMware Virtual machines are hosted in Cisco UCS-B seri...