Cisco Support Community
New Member

CSS11500 Client Authentication

We are trying to implement Client Authentication through our CSS11506. Some of our users use a different certificate to authenticate. I have the ssl-proxy-list configured correctly, but when I try to add a 2nd cacert, I get a message saying a certificate has already been configured (sorry I don't have the exact error message).

Unless I'm reading the documentation wrong, I thought you could have up to 4 certificates loaded. Or is that just for server authentication & not client?

We are using WebNS version

Our ssl-proxy-list:

    ssl-server 40
    ssl-server 40 vip address x.x.x.x
    ssl-server 40 rsacert serv_cert
    ssl-server 40 rsakey serv_key
    ssl-server 40 cipher rsa-with-rc4-128-md5 x.x.x.x 80 weight 5
    ssl-server 40 urlrewrite 20
    ssl-server 40 cacert rootcert
    ssl-server 40 authentication enable

New Member

Re: CSS11500 Client Authentication

New Member

Re: CSS11500 Client Authentication

I'm afraid that document doesn't mention anything about client authentication.

New Member

Re: CSS11500 Client Authentication

Well I've gotten a step further. I can load multiple CACERTS into the content switch. However, it seems only the first CACERT I add is doing the authentication. If the client does not authenticate to the first cacert correctly, then it doesn't try the 2nd cacert. It just immediately fails.
