Assigning Certificate, Key, And Cipher Suites For Server Authentication; Specifying The Rsa Certificate Name - Cisco 11503 - CSS Content Services Switch Configuration Manual

Configuring Virtual SSL Servers for an SSL Proxy List
Assigning Certificate, Key, and Cipher Suites for Server
Authentication

Specifying the RSA Certificate Name

Cisco Content Services Switch SSL Configuration Guide
4-8
To reset the virtual port to the default of 443, enter:
(config-ssl-proxy-list[ssl_list1])# no ssl-server 20 port
The CSS supports server certificates that it sends to all clients for authentication.
To identify a certificate with a virtual SSL server, you must assign the certificates
and key that you have either imported to or generated on the CSS described in
Chapter 3, Configuring SSL Certificates and
cipher suite that correlates to the certificates and keys.
The following sections provide information for configuring server authentication:
Specifying the RSA Certificate Name
•
Specifying the RSA Key Pair Name
•
Specifying the DSA Certificate Name
•
Specifying the DSA Key Pair Name
•
Specifying the Diffie-Hellman Parameter Filename
•
Specifying Cipher Suites
•
To identify the name of an RSA certificate association to be used in the exchange
of a public/private key pair for authentication and packet encryption, use the
ssl-server number rsacert name command. To see a list of existing RSA certificate
associations, use the ssl-server number rsacert ? command.
The specified RSA certificate must already be loaded on the CSS and an
association made (see
is not a proper RSA certificate association, when you activate the SSL proxy list,
the CSS logs an error message and does not activate the list.
For example, to specify a previously defined RSA certificate association named
rsacert, enter:
(config-ssl-proxy-list[ssl_list1])# ssl-server 20 rsacert myrsacert1
Chapter 3, Configuring SSL Certificates and
Chapter 4 Configuring SSL Termination
Keys. You must also assign the
Keys). If there
OL-5655-01