New Member

CSS 11501s - Client Authentication

Can anyone help with this please??

We are currently trying to configure client authentication on the SSL proxy list.

When we associate a cacert, enable the authentication and sniff the client side, we can see a successful handshake but then the connection is rejected with a cacert failure. We are confident that certificates and keys are all correct, but cannot make a successful client auth connection. Any ideas on anything that we might be overlooking?

Regards

ZAin

my config ...

!*********************** SSL PROXY LIST ***********************

ssl-proxy-list NN4B-TR-PROXY-list

ssl-server 1

ssl-server 1 vip address 192.168.***.*

ssl-server 1 cipher rsa-with-3des-ede-cbc-sha 192.168.***.** 80

ssl-server 1 rsacert nn4bcert

ssl-server 1 rsakey nn4bkey

ssl-server 1 cacert cacert

(authentication currently disabled)

active

**************************************************************************

If anyone needs any further information let me know, I will be happy to provide.

1 REPLY
New Member

Re: CSS 11501s - Client Authentication

What does the content rule look like that points to the SSL-Proxy-List?

Are you certain of the cipher suite terms (rsa-with-3des-ede-cbc-sha)?

Do a 'Show SSL Association' command and verify the key/cert associations are there. If not, see the following command: 'SSL Associate'

Let us know.
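
One thing to rule out offline for the "cacert failure" described in this thread, added here as an example and not part of either post: whether the client certificate actually verifies against the CA certificate that is imported as the cacert. It assumes the OpenSSL CLI is available; every key, certificate, file name and subject below is constructed lab material.

```shell
#!/bin/sh
# Added example. All certificates here are constructed lab material generated
# on the fly; file names and subjects are assumptions, not taken from the thread.

# make_lab DIR: create a throwaway CA, a client cert it signs, and an
# unrelated self-signed cert that stands in for a client from another issuer.
make_lab() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Lab CA" \
        -keyout "$d/ca.key" -out "$d/ca.pem" >/dev/null 2>&1 || return 1
    openssl req -newkey rsa:2048 -nodes -subj "/CN=lab-client" \
        -keyout "$d/client.key" -out "$d/client.csr" >/dev/null 2>&1 || return 1
    openssl x509 -req -in "$d/client.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
        -CAcreateserial -days 1 -out "$d/client.pem" >/dev/null 2>&1 || return 1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=stranger" \
        -keyout "$d/other.key" -out "$d/other.pem" >/dev/null 2>&1 || return 1
}

# chain_check CA_PEM CERT_PEM: succeed only if CERT_PEM verifies as a TLS
# client certificate with CA_PEM supplied as the trusted CA.
chain_check() {
    openssl verify -purpose sslclient -CAfile "$1" "$2" >/dev/null 2>&1
}

# report CA_PEM CERT_PEM: print subject, issuer and verdict for one certificate.
report() {
    openssl x509 -noout -subject -issuer -in "$2"
    if chain_check "$1" "$2"; then
        echo "  -> chains to this CA"
    else
        echo "  -> NOT issued by this CA"
    fi
}

LAB=$(mktemp -d)
make_lab "$LAB"
report "$LAB/ca.pem" "$LAB/client.pem"   # signed by the lab CA
report "$LAB/ca.pem" "$LAB/other.pem"    # self-signed, different issuer
rm -rf "$LAB"
```

To apply it to real material, call `report` with the exported CA certificate and the client certificate in PEM form in place of the lab files.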
