Figure 1-2 SSL Handshake With Client Authentication - Cisco 11503 - CSS Content Services Switch Configuration Manual

Content Services Switch SSL Configuration Guide

Overview of the SSL Module Functions in the CSS
For a client to send a certificate, the server must include a certificate request
(CertificateRequest) message in the handshake, as shown in Figure 1-2. The
request message includes which types of certificates the server accepts. However,
this message does not identify certificate authorities.
After the server sends the ServerHelloDone message, the client responds with its
certificate (Certificate) and key exchange. Then the client sends a
CertificateVerify message that contains a digest of all the handshake messages
from the server, signed using the client private key. The server decrypts
the message using the client public key, ensuring that the client possesses the
correct private key.

The CertificateVerify message does not check the authenticity of the certificate.
However, it does check that the public portion of the client private key matches
what is embedded in the certificate. This ensures that the client possesses the
keypair that was used to generate the certificate, and is not passing someone else's
certificate. However, the CSS can check whether the issuer signature is authentic.
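
The two checks described above, kept separate, as an added example that is not from the Cisco guide or the CSS software. It uses textbook RSA over fixed Mersenne primes with only the Python standard library, so it is neither real TLS encoding nor secure; the key names, the certificate dictionary, the transcript bytes and all helper functions are assumptions made for illustration.

```python
import hashlib

E = 65537  # RSA public exponent shared by all toy keys below

def make_key(p, q):
    """Textbook RSA from two primes; returns (modulus n, private exponent d)."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))

def digest(data, n):
    # SHA-256 of the data as an integer, reduced so it fits under the toy modulus
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(data, n, d):
    return pow(digest(data, n), d, n)         # private-key operation

def verify(data, sig, n):
    return pow(sig, E, n) == digest(data, n)  # public-key operation

# Constructed demo keys built from known Mersenne primes (NOT secure).
CA_N, CA_D = make_key(2**521 - 1, 2**607 - 1)
ALICE_N, ALICE_D = make_key(2**107 - 1, 2**127 - 1)
MALLORY_N, MALLORY_D = make_key(2**61 - 1, 2**89 - 1)

def issue_cert(subject, subject_n, issuer_n, issuer_d):
    tbs = f"{subject}|{subject_n}".encode()  # simplified "to be signed" body
    return {"n": subject_n, "tbs": tbs, "issuer_sig": sign(tbs, issuer_n, issuer_d)}

def server_checks(cert, transcript, cert_verify_sig, trusted_ca_n):
    """Return (proof_of_possession_ok, issuer_signature_ok) as separate results."""
    possession = verify(transcript, cert_verify_sig, cert["n"])
    issuer_ok = verify(cert["tbs"], cert["issuer_sig"], trusted_ca_n)
    return possession, issuer_ok

# Constructed stand-in for the handshake messages exchanged so far.
TRANSCRIPT = b"ClientHello|ServerHello|Certificate|CertificateRequest|ServerHelloDone"

def run_cases():
    alice_cert = issue_cert("alice", ALICE_N, CA_N, CA_D)
    forged_cert = issue_cert("alice", MALLORY_N, MALLORY_N, MALLORY_D)  # self-signed
    alice_sig = sign(TRANSCRIPT, ALICE_N, ALICE_D)
    mallory_sig = sign(TRANSCRIPT, MALLORY_N, MALLORY_D)
    return {
        "owner presents own certificate": server_checks(alice_cert, TRANSCRIPT, alice_sig, CA_N),
        "someone else's certificate": server_checks(alice_cert, TRANSCRIPT, mallory_sig, CA_N),
        "self-made certificate": server_checks(forged_cert, TRANSCRIPT, mallory_sig, CA_N),
    }

if __name__ == "__main__":
    for case, (possession, issuer_ok) in run_cases().items():
        print(f"{case}: CertificateVerify={possession}, issuer signature={issuer_ok}")
```

The third case is the reason a server cannot rely on CertificateVerify alone: a self-made certificate passes proof of possession and is rejected only by the issuer signature check.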

Figure 1-2 SSL Handshake With Client Authentication
SSL Client -> SSL Server: ClientHello
SSL Server -> SSL Client: ServerHello, Certificate, CertificateRequest, ServerHelloDone
SSL Client -> SSL Server: Certificate, ClientKeyExchange, CertificateVerify, ChangeCipherSpec, Finished (encrypted)
SSL Server -> SSL Client: ChangeCipherSpec, Finished (encrypted)

Chapter 1
Overview of CSS SSL
OL-5655-01


This manual is also suitable for:

11500 series
