09-07-2006 06:21 AM
We are trying to implement Client Authentication through our CSS11506. Some of our users use a different certificate to authenticate. I have the ssl-proxy-list configured correctly, but when I try to add a 2nd cacert, I get a message saying a certificate has already been configured (sorry I dont have the exact error message).
Unless I'm reading the documentation wrong, I thought you could have up to 4 certificates loaded. Or is that just for server authentication & not client?
We are using WebNS version 7.50.2.05.
Our ssl-proxy-list:
ssl-server 40
ssl-server 40 vip address x.x.x.x
ssl-server 40 rsacert serv_cert
ssl-server 40 rsakey serv_key
ssl-server 40 cipher rsa-with-rc4-128-md5 x.x.x.x 80 weight 5
ssl-server 40 urlrewrite 20 some.url.mil
ssl-server 40 cacert rootcert
ssl-server 40 authentication enable
09-13-2006 07:16 AM
09-29-2006 08:25 AM
I'm afraid that document doesn't mention anything about client authentication.
10-03-2006 05:36 AM
Well I've gotten a step further. I can load multiple CACERTS into the content switch. However, it seems only the first CACERT I add is doing the authentication. If the client does not authenticate to the first cacert correctly, then it doesn't try the 2nd cacert. It just immediately fails.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide