Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

Cisco CSS Client Authentication

I have a few questions in this regard..

1.) Is it possible to use self signed certs for the client authentication, baring in mind you need to point the CSS to the CRL?

2.) I need to run around 20 different VIP's (probably on the same IP but with different tcp ports), all requiring their own individual certificate for client auth. Is there a limit to the number of client authentication certificates I can load on a 11501S device?

3.) Can someone provide me with a working configuration example for client authentication on a CSS?

1 REPLY
Cisco Employee

Re: Cisco CSS Client Authentication

client authentication means the CSS will request the client to send its own certificate and we will check its validity with the configured CA and configured CRL.

It has nothing to do with the CSS certificate.

So, you could have a self signed certificate on the CSS. That doesn't change anything for client authentication.

The same IP thing is probably not a good thing if you want to assign the certificate to different domain.

A dns request will only return an ip address and no port.

So you may end up with all requests going to the same ip and port 443.

I think the limit is 256 ssl-proxy server.

Check config guide for assistance :

http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/css11500series/v7.50/configuration/ssl/guide/terminat.html#wp999318

Gilles.

294
Views
0
Helpful
1
Replies
CreatePlease to create content