Cisco 11503 - CSS Content Services Switch Configuration Manual page 180

Content services switch ssl configuration guide

Hide thumbs Also See for 11503 - CSS Content Services Switch:

Administration manual (392 pages)

Hardware installation manual (184 pages)

Getting started manual (142 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

179

180

181

182

183

184

185

186

187

188

189

190

191

192

193

194

195

196

197

198

199

200

201

202

203

204

205

206

207

208

209

210

211

212

213

214

215

216

217

218

219

220

221

222

223

224

225

226

227

228

229

230

231

232

233

234

235

236

237

238

239

240

241

242

243

244

245

246

247

248

249

250

Table of Contents

Chapter 6

Configuring SSL Initiation

Configuring Back-End SSL Servers in an SSL Initiation Proxy List

Before you configure the CA certificate in an SSL initiation proxy list, you must

import the certificate on the CSS and then associate the certificate with a

filename. For information about importing a CA certificate, see the

"Importing or

Exporting Certificates and Private Keys"

section in

Chapter 3, Configuring SSL

Certificates and

Keys. For information about associating a certificate with a

filename, see the

"Associating Certificate and Private Key Files with Names"

section in

Chapter 3, Configuring SSL Certificates and

Keys.

To enable the SSL module (the client) to authenticate the SSL server, you must

configure at least one, with a maximum of four, CA certificates in the SSL

initiation proxy list. If you attempt to configure more than four CA certificates,

the CSS displays the following error message:

%% Max number of CA Certificates configured on server.

Use the cacert command to configure the CA certificates in the proxy list. The

syntax for this command is:

backend-server number cacert {name}

The name variable specifies the filename with which you have previously

associated the CA certificate. Enter a filename from 1 to 31 characters. The CA

certificate must already be loaded on the SCM. You can define a maximum of four

CA certificates for each SSL initiation proxy list. The CSS uses the CA

certificates to verify the server certificate in the order in which you configure the

CA certificates.

For example, to configure the mycert1 CA certificate in proxy list ssl_list1 for

SSL initiation server 1, enter:

(config-ssl-proxy-list[ssl_list1])# backend-server 1 cacert mycert1

To remove a CA certificate from an SSL proxy list, use the no form of the

command. For example, to remove the mycert1 CA certificate from the ssl_list1

proxy list for SSL initiation back-end server 1, enter:

(config-ssl-proxy-list[ssl_list1])# no backend-server 1 cacert mycert1

Cisco Content Services Switch SSL Configuration Guide

6-22

OL-5655-01

Table of Contents

Related Products for Cisco 11503 - CSS Content Services Switch

This manual is also suitable for:

11500 series

Cisco 11503 - CSS Content Services Switch Configuration Manual page 180

Related Manuals for Cisco 11503 - CSS Content Services Switch

Related Products for Cisco 11503 - CSS Content Services Switch

This manual is also suitable for:

Table of Contents