We are trying to implement Client Authentication through our CSS11506. Some of our users use a different certificate to authenticate. I have the ssl-proxy-list configured correctly, but when I try to add a 2nd cacert, I get a message saying a certificate has already been configured (sorry I dont have the exact error message).
Unless I'm reading the documentation wrong, I thought you could have up to 4 certificates loaded. Or is that just for server authentication & not client?
Well I've gotten a step further. I can load multiple CACERTS into the content switch. However, it seems only the first CACERT I add is doing the authentication. If the client does not authenticate to the first cacert correctly, then it doesn't try the 2nd cacert. It just immediately fails.
Why do you need native HA: The native HA feature allows two Cisco DCNM
appliances to run as active and standby applications, with their
embedded databases synchronized in real time. Therefore, when the active
DCNM is not functioning, the standby DCNM will...
This document will provide screenshots to outline the steps to setup
TACACS+ configuration to ACI and also the configuration required on
Cisco ACS server. Please find the official Cisco guide for configuring
TACACS+ Authentication to ACI:
Is it supported or NOT supported? It's a frequently asked question.
Before APIC, release 2.3(1f), transit routing was not supported within a
single L3Out profile. In APIC, release 2.3(1f) and later, you can
configure transit routing with a single L3Out pr...