Chapter 1
Overview of CSS SSL
Client Authentication
OL-5655-01
When client authentication occurs on the CSS, the CSS verifies that the:
• Client sending the certificate has a corresponding private key
• Client certificate is signed by a known CA
• Certificate has not expired
• Signature is valid
• Issuing CA has not revoked the certificate if a Certificate Revocation List (CRL) is configured on the CSS
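The checks listed above can be reproduced with the OpenSSL command-line tool. This is an added example, not CSS configuration or Cisco code. The throwaway CA, certificates, CRL, file names and function names are constructed assumptions, and a signed nonce stands in for the handshake's proof of private-key possession.

```bash
# Added example: all keys, certificates and the CRL are throwaway material
# constructed here; file names and function names are assumptions.
cd "$(mktemp -d)" || exit 1

mkcert() {  # $1 = name: issue a 1-day client certificate from the demo CA
  openssl req -new -newkey rsa:2048 -nodes -keyout "$1.key" -out "$1.csr" \
    -subj "/CN=$1" 2>/dev/null
  openssl x509 -req -in "$1.csr" -CA ca.pem -CAkey ca.key -CAcreateserial \
    -days 1 -out "$1.pem" 2>/dev/null
}

setup_pki() {
  openssl req -x509 -newkey rsa:2048 -nodes -keyout ca.key -out ca.pem \
    -subj "/CN=Demo CA" -days 30 2>/dev/null
  mkcert good; mkcert revoked
  # Self-signed certificate from an issuer the verifier does not trust.
  openssl req -x509 -newkey rsa:2048 -nodes -keyout rogue.key -out rogue.pem \
    -subj "/CN=rogue" -days 1 2>/dev/null
  : > index.txt  # empty CA database; ca.cnf is a minimal 'openssl ca' config
  printf '[ca]\ndefault_ca=demo\n[demo]\ndatabase=index.txt\ndefault_md=sha256\n' > ca.cnf
  openssl ca -config ca.cnf -keyfile ca.key -cert ca.pem -revoke revoked.pem 2>/dev/null
  openssl ca -config ca.cnf -keyfile ca.key -cert ca.pem -gencrl -crldays 30 \
    -out crl.pem 2>/dev/null
}

# $1 = presented certificate, $2 = key the client holds, $3 = optional epoch time.
# Returns 0 = accept, 1 = issuer/signature/expiry/CRL failure, 2 = no matching key.
check_client() {
  nonce=$(mktemp)
  # Known CA, valid signature, validity period and CRL status in one pass.
  openssl verify -CAfile ca.pem -crl_check -CRLfile crl.pem \
    ${3:+-attime "$3"} "$1" >/dev/null || return 1
  # Possession: client signs a fresh nonce; verify with the cert's public key.
  head -c 32 /dev/urandom > "$nonce"
  openssl dgst -sha256 -sign "$2" -out "$nonce.sig" "$nonce" &&
    openssl x509 -in "$1" -pubkey -noout > "$nonce.pub" &&
    openssl dgst -sha256 -verify "$nonce.pub" -signature "$nonce.sig" "$nonce" \
      >/dev/null 2>&1 || return 2
}

demo() {  # run each constructed case and print check_client's return code
  for c in "good.pem good.key" "revoked.pem revoked.key" "rogue.pem rogue.key" \
           "good.pem rogue.key" "good.pem good.key $(( $(date +%s) + 259200 ))"; do
    rc=0; check_client $c 2>/dev/null || rc=$?
    echo "$c -> $rc"
  done
}
setup_pki && demo
```

The last case evaluates the one-day certificate three days in the future, so it is rejected as expired while the 30-day CA and CRL are still valid.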
During a typical SSL handshake between a client and a server, the client does not send a certificate as shown in Figure 1-1.

Figure 1-1 SSL Handshake Without Client Authentication
[Figure: message exchange between the SSL Client (ClientHello, ClientKeyExchange, ChangeCipherSpec, Finished) and the SSL Server (ServerHello, Certificate, ServerHelloDone, ChangeCipherSpec, Finished)]
Cisco Content Services Switch SSL Configuration Guide