02-24-2009 12:58 AM
We have noticed that, after implementing SSL support through CSS11503 w/SSL Module (moving from Apache 2.2.6 with ssl_mod), the 'certificate request' message sent by the server to the client during SSL Handshake phase does not include a list of Distinguished Names (DN) for the CA. With the previous implementation, using Apache, we saw that the server was sending this list.
Normally this allows the client browser to automatically identify suitable client certificates and present only the relevant certificates to the client. Now all certificates found on the client machine are being presented for selection. This results in a different user experience and confusion.
Has anybody come across this issue before and is there any way to ensure that the DN list is included using CSS module?
Thanks,
Brendan
03-03-2009 03:16 AM
CSCei05540
DistinguishedName not used in certificate request
Close comment:
This enhancement will not be done on the CSS11500 product line and other Cisco
load balancers should be considered.
Gilles.
03-06-2009 11:39 AM
Hi Gilles,
Thanks for that information. I will investigate the other load balancing product lines for a suitable solution.
Brendan
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: