Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
459
Views
0
Helpful
3
Replies

Cliente certificates under a specific URL

Smith3III
Level 1
Level 1

‎07-17-2009 02:25 AM

Hi friends, hope somebody can advise me on this request.

We have a https://www.site.com which is LB some web servers behind. All content on our site is served under SSL (this is a must).

We would like to use a specific URL to ask for client certificates under a specific subdirectory (cert), something like this: https://www.site.com/cert/

So, everything else is using normal SSL, but all from /cert is erquired to use client certificates.

(btw, subdomains is not an option for us)

Is this possible using a CSS?

Thanks,

jsmiIII

Labels:
0 Helpful
3 Replies 3

wong34539
Level 6
Level 6

‎07-23-2009 02:43 PM

The CSS can create a certificate but it is only used for testing. It will expire after a few weeks. Plus this cert will not be in the client's browser so they will get the pop up warning.

Redirect Configuration on the CSS 11000:

http://www.cisco.com/en/US/products/hw/contnetw/ps789/products_configuration_example09186a00801de8d6.shtml

0 Helpful

Smith3III
Level 1
Level 1
In response to wong34539

‎07-23-2009 11:26 PM

What I mean is if CSS can restrict SSL access to a specific URL instead of using a subdomain (ie: normal website www.sitea.com, ssl active only www.sitea.com/secure/).

Someboy told me it is possible using some kind of redirects, but honestly, I cannot find any example about that (protect directory)...

thank so much

0 Helpful

Gilles Dufour
Cisco Employee
Cisco Employee
In response to Smith3III

‎07-29-2009 03:52 AM

yes this is possible.

You create 2 content rulea to catch the decrypted traffic.

One is the generic rule to catch everything and the other one is specific to catch /secure/*.

For the /secure/* you simply loadbalance to the server and keep the connection encrypted.

For the generic rule, you create a web redirect service to send the client back to http://.... instead of httpS://

You do the same on the port 80 (cleartext) traffic but you redirect /secure/* to https and continue the connection in cleartext for the generic rule.

There are multiple examples of CSS redirect configuration on our website.

Gilles.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents