Cisco Support Community
New Member

Ace - Two-way SSL configuration

Hi all,

Just a quick question:

Is it possible to match a field of the client certificate to make a load balancing decision?

So that if a client has a cert with a CN or C field with a specific value, it is redirected to a specific serverfarm.

Thanks,

Luc.

2 REPLIES
Cisco Employee

Re: Ace - Two-way SSL configuration

Hi Luc,

Unfortunately the ACE can't do such a thing. When it comes to client authentication, the client cert will be used exclusively for client validation, meaning that the cert provided by the requestor must match the one that has been configured on the ACE, but that's it.

On ACE, decryption happens before L7 load balancing, so even if you take client authentication out of the picture and say that you're dealing with a SAN certificate, ACE needs to decrypt the traffic first and then match the appropriate host header in order to send the traffic to the SF in question.

From the post below you can see that Gilles states the feature is not even on the ACE roadmap; you may want to raise the flag with your sales team.

https://supportforums.cisco.com/thread/2037449

HTH.

Pablo

New Member

Re: Ace - Two-way SSL configuration

Hi Pablo,

Thank you for your quick answer. I had tried to search for an answer on the topic but I didn't run into Gilles's post.

As every time I have a question regarding LB, Gilles has the answer....

Regards,
