CSS11503 w/SSL Module Not Including DN List For CA
We have noticed that, after implementing SSL support through CSS11503 w/SSL Module (moving from Apache 2.2.6 with ssl_mod), the 'certificate request' message sent by the server to the client during SSL Handshake phase does not include a list of Distinguished Names (DN) for the CA. With the previous implementation, using Apache, we saw that the server was sending this list.
Normally this allows the client browser to automatically identify suitable client certificates and present only the relevant certificates to the client. Now all certificates found on the client machine are being presented for selection. This results in a different user experience and confusion.
Has anybody come across this issue before and is there any way to ensure that the DN list is included using CSS module?
Topology & Design:
Two ACI fabrics
Stretching VLANs using OTV
Both fabrics are advertising BD subnets into same routing domain
Some BDs(or say VLANs) are stretched, but some are not.
Endpoints can move betwee...
VMware Trunk Port Group is supported from ACI version 2.1
VMM integration must be configured properly
ASA device package must be uploaded to APIC
ASAv version must be compatible with ACI and device package version
Topology &Design:Traffic flow within same fabric:Endpoint moves to Fabric-2Bounce Entry Times OutTraffic Black-holedSummarySolutionAppendix:
In the Previous articles of ACI Automation, we are using Postman/Newman a...