Example: Configuring Client Certificate Authentication - Cisco CSS11501 - 100Mbps Ethernet Load Balancing Device Configuration Manual

Chapter 4
Using the Configuration Manager

Example: Configuring Client Certificate Authentication

78-13124-05
Client certificate authentication can be configured on basic secure servers. This
example demonstrates how to configure an existing server for client certificate
authentication using the certificate group clientTrustGroup. Several options are
available for authentication error handling. In this example, the server is set to
handle all errors by disconnecting the SSL session and redirecting the client to a
standard HTML error page.
1. Initiate a management session as described previously.

2. Enter Privileged and Configuration modes.

    SCA> enable
    SCA# configure
    (config[myDevice])#

3. Enter SSL Configuration mode and Server Configuration mode for the server
   myServ.

    (config[myDevice])# ssl
    (config-ssl[myDevice])# server myServ
    (config-ssl-server[myServ])#

4. Enter the following commands to enable client certificate authentication, set
   the handling of authentication errors, and assign the certificate group to use
   for comparison.

    (config-ssl-server[myServ])# clientauth enable
    (config-ssl-server[myServ])# clientauth error all failhtml
    (config-ssl-server[myServ])# certgroup clientauth clientTrustGroup
    (config-ssl-server[myServ])# certgroup verifydepth 1

5. Exit to Privileged mode, and save the configuration to flash memory. If it is
   not saved, the configuration is lost during a power cycle or when the reload
   command is used.

    (config-ssl-server[myServ])# finished
    SCA# write flash
    SCA#
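Before pointing clients at a server configured this way, it helps to confirm offline which client certificates chain to the CAs you intend to place in clientTrustGroup. The script below is an added example, not part of the Cisco guide: it uses the OpenSSL CLI as a stand-in for the comparison the device performs, a PEM bundle file as a stand-in for the certificate group, and constructed names (trustedCA, otherCA, alice, mallory); the client certificates are issued directly by their CA, with no intermediate.

```shell
#!/usr/bin/env bash
# Added example (not Cisco code): offline pre-check with the OpenSSL CLI.
# CA names, client names and the bundle file are constructed stand-ins.
set -eu

# Create a throwaway self-signed CA with CN $1 in directory $2.
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$1" \
        -keyout "$2/$1.key" -out "$2/$1.pem" 2>/dev/null
}

# Issue a client certificate with CN $1, signed directly by CA $2, in dir $3.
issue_client() {
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$1" \
        -keyout "$3/$1.key" -out "$3/$1.csr" 2>/dev/null
    openssl x509 -req -in "$3/$1.csr" -CA "$3/$2.pem" -CAkey "$3/$2.key" \
        -CAcreateserial -days 1 -out "$3/$1.pem" 2>/dev/null
}

# Succeed only if certificate $2 chains to a CA in PEM bundle $1.
chains_to_group() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Build two CAs, put only one in the bundle, and report each client's result.
run_demo() {
    local dir who
    dir=$(mktemp -d)
    make_ca trustedCA "$dir"
    make_ca otherCA "$dir"
    issue_client alice trustedCA "$dir"
    issue_client mallory otherCA "$dir"
    # Stand-in for clientTrustGroup: a bundle holding only the trusted CA.
    cp "$dir/trustedCA.pem" "$dir/clientTrustGroup.pem"
    for who in alice mallory; do
        if chains_to_group "$dir/clientTrustGroup.pem" "$dir/$who.pem"; then
            echo "$who: accept"
        else
            echo "$who: reject"
        fi
    done
    rm -rf "$dir"
}

run_demo
```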
Cisco 11000 Series Secure Content Accelerator Configuration Guide
Using Client and Server Certificate Authentication