Cisco Support Community
New Member

Client certificates under a specific URL

Hi friends, hope somebody can advise me on this request.

We have https://www.site.com, which is load balanced with some web servers behind it. All content on our site is served under SSL (this is a must).

We would like to use a specific URL to ask for client certificates under a specific subdirectory (cert), something like this: https://www.site.com/cert/

So, everything else is using normal SSL, but everything under /cert is required to use client certificates.

(btw, subdomains are not an option for us)

Is this possible using a CSS?

Thanks,

jsmiIII

3 REPLIES
Silver

Re: Client certificates under a specific URL

The CSS can create a certificate but it is only used for testing. It will expire after a few weeks. Plus this cert will not be in the client's browser so they will get the pop up warning.

Redirect Configuration on the CSS 11000:

http://www.cisco.com/en/US/products/hw/contnetw/ps789/products_configuration_example09186a00801de8d6.shtml

New Member

Re: Client certificates under a specific URL

What I mean is whether the CSS can restrict SSL access to a specific URL instead of using a subdomain (i.e., normal website www.sitea.com, SSL active only on www.sitea.com/secure/).

Somebody told me it is possible using some kind of redirects, but honestly, I cannot find any example of that (protecting a directory)...

Thanks so much

Cisco Employee

Re: Client certificates under a specific URL

Yes, this is possible.

You create 2 content rules to catch the decrypted traffic.

One is the generic rule to catch everything and the other one is specific to catch /secure/*.

For the /secure/* you simply load-balance to the server and keep the connection encrypted.

For the generic rule, you create a web redirect service to send the client back to http://.... instead of httpS://

You do the same on the port 80 (cleartext) traffic but you redirect /secure/* to https and continue the connection in cleartext for the generic rule.

There are multiple examples of CSS redirect configuration on our website.

Gilles.
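The four rules described in the reply above, modeled as a small lookup table so the redirect behaviour can be checked for loops and for /secure/ content being served in cleartext. This is an added example, not part of the original thread and not Cisco CSS configuration syntax; the table layout, action names and sample paths are constructed for illustration.

```python
# Model of the rule set from the reply: two rules per listening port,
# the most specific URL pattern wins. All names here are hypothetical.
RULES = [
    (443, "/secure/*", "serve"),         # decrypted /secure/* traffic: load-balance
    (443, "/*",        "redirect:80"),   # generic rule on 443: send client back to http://
    (80,  "/secure/*", "redirect:443"),  # cleartext /secure/* request: send to https://
    (80,  "/*",        "serve"),         # generic rule on 80: continue in cleartext
]

def match(port, path):
    """Return the action of the longest-prefix rule for this port and path."""
    best = None
    for rule_port, pattern, action in RULES:
        prefix = pattern.rstrip("*")
        if rule_port == port and path.startswith(prefix):
            if best is None or len(prefix) > len(best[0]):
                best = (prefix, action)
    if best is None:
        raise LookupError(f"no rule for port {port} path {path}")
    return best[1]

def resolve(port, path, max_hops=5):
    """Follow redirects until a rule serves the request; return (port, hops)."""
    for hops in range(max_hops + 1):
        action = match(port, path)
        if action == "serve":
            return port, hops
        port = int(action.split(":")[1])
    raise RuntimeError(f"redirect loop for {path}")

def audit(paths):
    """Try every path from both entry ports; report /secure/ content served off 443."""
    problems = []
    for path in paths:
        for entry in (80, 443):
            final_port, _ = resolve(entry, path)
            if path.startswith("/secure/") and final_port != 443:
                problems.append(f"{path} served in cleartext (entered on {entry})")
    return problems
```

In this model a request for `/secure` without the trailing slash falls under the generic rule, so the pattern boundary is worth testing on the real device as well.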
