Cisco Catalyst 6500 Series Command Reference Manual page 79

SSL Services Module Command Reference
Catalyst 6500 Series Switch SSL Services Module Command Reference, OL-9105-01, page 2-53
Chapter 2  Commands for the Catalyst 6500 Series SSL Services Module
service

In most cases, all of the SSL-server-proxy configurations that are performed are also valid for the SSL-client-proxy configuration, except for the following:

- You must configure a certificate for the SSL-server-proxy, but you do not have to configure a certificate for the SSL-client-proxy. If you configure a certificate for the SSL-client-proxy, that certificate is sent in response to the certificate request message that is sent by the server during the client-authentication phase of the handshake protocol.
- The SSL policy is attached to the virtual subcommand for the SSL server proxy service, whereas the SSL policy is attached to the server subcommand for the SSL client proxy service.

Enter each proxy-service or proxy-client configuration submode command on its own line.

Table 2-8 lists the commands that are available in proxy-service or proxy-client configuration submode.

Table 2-8  Proxy-service Configuration Submode Command Descriptions

Syntax
    Description

authenticate verify {all | signature-only}
    Configures the method for certificate verification. You can specify the following:
    all: Verifies CRLs and signature authority.
    signature-only: Verifies the signature only.

certificate rsa general-purpose trustpoint trustpoint-name
    Configures the certificate with RSA general-purpose keys and associates a trustpoint to the certificate.

default {certificate | inservice | nat | server | virtual}
    Sets a command to its default settings.

description
    Allows you to enter a description for proxy service.

exit
    Exits from proxy-service or proxy-client configuration submode.

help
    Provides a description of the interactive help system.

inservice
    Declares a proxy server or client as administratively up.

nat {server | client}{natpool-name}
    Specifies the usage of either server NAT or client NAT for the server-side connection that is opened by the SSL Services Module.

policy health-probe tcp policy-name
    Applies a TCP health probe policy to a proxy server.

policy http-header policy-name
    Applies an HTTP header insertion policy to a proxy server.

policy urlrewrite policy-name
    Applies a URL rewrite policy to a proxy server.

server ipaddr ip-addr protocol protocol port portno [sslv2]
    Defines the IP address of the target server for the proxy server. You can also specify the port number and the transport protocol. The target IP address can be a virtual IP address of an SLB device or a real IP address of a web server. The sslv2 keyword specifies the server that is used for handling SSL version 2 traffic.

server policy tcp server-side-tcp-policy-name
    Applies a TCP policy to the server side of a proxy server. You can specify the port number and the transport protocol.

trusted-ca ca-pool-name
    Applies a trusted certificate authenticate configuration to a proxy server.

virtual ipaddr ip-addr protocol protocol port portno [secondary]
    Defines the virtual IP address of the virtual server to which the STE is proxying. You can also specify the port number and the transport protocol. The valid value for protocol is tcp; valid values for portno are from 1 to 65535. The secondary keyword (optional) prevents the STE from replying to the ARP request coming to the virtual IP address.
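The following configuration check is an added example, not part of the Cisco manual: it parses proxy-service blocks and flags the conditions this page describes (a server proxy without a certificate, signature-only verification that skips CRLs, an sslv2 target server, an out-of-range port). The `ssl-proxy service NAME [client]` header line is an assumption not shown on this page, the tcp and 1 to 65535 limits the page gives for `virtual` are applied to `server` as well, and all service names and addresses are constructed.

```python
import re

# Constructed sample. The "ssl-proxy service NAME [client]" header line is an
# assumption (not shown on this page); the subcommands come from Table 2-8.
SAMPLE = """\
ssl-proxy service web-front
 virtual ipaddr 192.0.2.10 protocol tcp port 443
 server ipaddr 198.51.100.5 protocol tcp port 80
 server ipaddr 198.51.100.6 protocol tcp port 80 sslv2
 trusted-ca corp-ca-pool
 authenticate verify signature-only
 inservice
ssl-proxy service to-backend client
 virtual ipaddr 192.0.2.20 protocol tcp port 81
 server ipaddr 198.51.100.7 protocol tcp port 70000
 inservice
"""

HEADER = re.compile(r"^ssl-proxy service (\S+)( client)?$")
ENDPOINT = re.compile(r"^(virtual|server) ipaddr (\S+) protocol (\S+) port (\d+)( \S+)?$")

def parse_services(text):
    """Return {name: {"client": bool, "cmds": [subcommand lines]}}."""
    services, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER.match(line)
        if m:
            current = services.setdefault(m.group(1), {"client": bool(m.group(2)), "cmds": []})
        elif line and current is not None:
            current["cmds"].append(line)  # the page requires one submode command per line
    return services

def audit(text):
    """Return a sorted list of (service, finding) tuples."""
    findings = []
    for name, svc in parse_services(text).items():
        cmds = svc["cmds"]
        # A certificate is mandatory for a server proxy, optional for a client proxy.
        if not svc["client"] and not any(c.startswith("certificate rsa ") for c in cmds):
            findings.append((name, "server proxy has no certificate"))
        if "authenticate verify signature-only" in cmds:
            findings.append((name, "peer certificates verified without CRL check"))
        for m in filter(None, map(ENDPOINT.match, cmds)):
            if m.group(3) != "tcp" or not 1 <= int(m.group(4)) <= 65535:
                findings.append((name, "invalid protocol or port: " + m.group(0)))
            if m.group(1) == "server" and m.group(5) == " sslv2":
                findings.append((name, "SSL version 2 target server configured"))
    return sorted(findings)
```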
