cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
386
Views
5
Helpful
2
Replies

CSS11503 w/SSL Module Not Including DN List For CA

Brendan O'Flynn
Level 1
Level 1

We have noticed that, after implementing SSL support through CSS11503 w/SSL Module (moving from Apache 2.2.6 with ssl_mod), the 'certificate request' message sent by the server to the client during SSL Handshake phase does not include a list of Distinguished Names (DN) for the CA. With the previous implementation, using Apache, we saw that the server was sending this list.

Normally this allows the client browser to automatically identify suitable client certificates and present only the relevant certificates to the client. Now all certificates found on the client machine are being presented for selection. This results in a different user experience and confusion.

Has anybody come across this issue before and is there any way to ensure that the DN list is included using CSS module?

Thanks,

Brendan

2 Replies 2

Gilles Dufour
Cisco Employee
Cisco Employee

CSCei05540

DistinguishedName not used in certificate request

Close comment:

This enhancement will not be done on the CSS11500 product line and other Cisco

load balancers should be considered.

Gilles.

Hi Gilles,

Thanks for that information. I will investigate the other load balancing product lines for a suitable solution.

Brendan

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: