Community Member

managing SSL certifications

Hi,

I have configured content rules on the CSS for SSL traffic without using the SSL module and SSL proxy list, but I noticed some issues regarding the correct acquisition of the SSL certificate from the client side.

I would like to know if configuring the CSS as a transparent gateway for SSL can create those issues.

Moreover, how could I check it on CSS?

The CSS configuration is the following:

content HTTPS
  port 3453
  protocol tcp
  vip address 10.1xx.x.x
  add service server_SSL_1
  add service server_SSL_2
  advanced-balance ssl
  application ssl
  active

service server_SSL_1
  keepalive port 3456
  ip address 10.1xx.x.y
  port 3456
  active

service server_SSL_2
  keepalive port 3456
  ip address 10.1xx.x.z
  port 3456
  active

Thank you very much.

Best regards.

Giuseppe

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: managing SSL certifications

I do not know of any issue with acquisition of the client cert.

Normally the CSS will just wait for the client SSL hello to detect the SSL ID, but it will then pass all the information transparently to the server, and the SSL handshake will continue between client and server.

Get a sniffer trace on the server to see what is going on.

Gilles.

Community Member

Re: managing SSL certifications

Hi Gilles,

Thank you for your support.

I thought the same thing but I wasn't sure and I wanted to know your opinion.

Regards.

Giuseppe
