Brocade Communications Systems ServerIron ADX 12.4.00a Security Manual page 197

Version 12.4.00a

You can also apply the TCP profile to the SSL profile. In the following example, the TCP profile
"nagleoff" is applied to the SSL profile "myprofile", and then "myprofile" is applied to the port ssl
ssl-terminate command in
ServerIronADX(config)# ssl profile myprofile
ServerIronADX(config-ssl-profile-myprofile)# tcp-profile nagleoff
ServerIronADX(config-ssl-profile-myprofile)# exit
ServerIronADX(config)# server virtual-name-or-ip vip1
ServerIronADX(config-vs-vip1)# port ssl ssl-terminate sslprofile myprofile
Applying the TCP profile to VIP for SSL Proxy
In an SSL Proxy configuration, the TCP profile must be applied to both the client and server SSL
profiles that are applied to the Virtual Server.
ServerIronADX(config)# server virtual-name-or-ip vip1
ServerIronADX(config-vs-vip1)# port ssl ssl-proxy clientprofile serverprofile
ServerIronADX(config)# ssl profile clientprofile
ServerIronADX(config-ssl-profile-clientprofile)# tcp-profile nagleoff
ServerIronADX(config-ssl-profile-clientprofile)# exit
ServerIronADX(config)# ssl profile serverprofile
ServerIronADX(config-ssl-profile-serverprofile)# tcp-profile nagleoff
ServerIronADX(config-ssl-profile-serverprofile)# exit
ServerIronADX(config)# server virtual-name-or-ip vip1
ServerIronADX(config-vs-vip1)# port ssl ssl-proxy clientprofile serverprofile
Inserting a certificate in an HTTP header
The ServerIron ADX can optionally insert the client certificate as an HTTP header, so that the real
server can access the client certificate information.
Configuring a CSW Policy to enable client certificate insertion
A CSW Policy needs to be created that enables client certificate insertion. It can be configured as
either a default command within a CSW policy (as shown in the following example) or as an action
in response to a match in a CSW rule.
ServerIronADX(config)# csw-policy cswp1
ServerIronADX(config-csw-cswp1)# default rewrite request-insert client-cert
Syntax: [no] default rewrite request-insert client-cert
Syntax: [no] match <csw rule name> rewrite request-insert client-cert
Bind CSW and CSW policy to the Real Server
ServerIronADX(config)# server virtual-name-or-ip vip1
ServerIronADX(config-vs-vip1)# port ssl csw-policy "cswp1"
ServerIronADX(config-vs-vip1)# port ssl csw
ServerIron ADX Security Guide
53-1002440-03
Configuration Examples for SSL Termination and Proxy Modes
When configuring this feature, you need to do the following in addition to a normal SSL
Terminate configuration:
Create a CSW policy to enable client certificate insertion
Bind CSW and the CSW policy to the SSL port on the Virtual Server
Define the Client Insertion mode and prefix within a CSW policy (optional)
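
On the real-server side, an inserted certificate header is only as trustworthy as the path it arrived on. The following is an added example, not taken from the Brocade manual, of a backend check that accepts the header only from the ADX, rejects duplicate copies, and pins the certificate fingerprint. The header name, its base64/PEM encoding, the ADX source address, and the sample bytes are assumptions made for illustration.

```python
import base64
import binascii
import hashlib
import re

# Assumptions for this example (none come from the manual): the header name,
# the base64/PEM encoding of its value, the ADX source address seen by the
# real server, and the sample certificate bytes.
CERT_HEADER = "x-client-cert"          # hypothetical header name, lower-cased
TRUSTED_PROXIES = {"10.0.0.10"}        # hypothetical ADX source IP
SAMPLE_DER = b"\x30\x03\x02\x01\x01"   # constructed DER stand-in, not a real certificate
PINNED = {hashlib.sha256(SAMPLE_DER).hexdigest()}

_ARMOR = re.compile(r"-----(BEGIN|END) CERTIFICATE-----")


def cert_fingerprint(peer_ip, headers):
    """Return the SHA-256 fingerprint of the inserted certificate, or None.

    headers is a list of (name, value) pairs so duplicate headers stay visible.
    """
    if peer_ip not in TRUSTED_PROXIES:
        return None  # request did not come through the ADX: header is client-controlled
    values = [v for n, v in headers if n.lower() == CERT_HEADER]
    if len(values) != 1:
        return None  # absent, or a second copy makes the value ambiguous
    body = re.sub(r"\s+", "", _ARMOR.sub("", values[0]))
    try:
        der = base64.b64decode(body, validate=True)
    except (binascii.Error, ValueError):
        return None
    if not der.startswith(b"\x30"):
        return None  # a DER certificate is an ASN.1 SEQUENCE
    return hashlib.sha256(der).hexdigest()


def is_authorized(peer_ip, headers):
    """Accept the request only if the fingerprint is on the pinned list."""
    return cert_fingerprint(peer_ip, headers) in PINNED


if __name__ == "__main__":
    good = [("X-Client-Cert", base64.b64encode(SAMPLE_DER).decode())]
    print(is_authorized("10.0.0.10", good))         # arrived via the ADX
    print(is_authorized("203.0.113.7", good))       # sent directly to the real server
    print(is_authorized("10.0.0.10", good + good))  # duplicated header
```

A production real server would parse the decoded certificate with an X.509 library rather than relying on the fingerprint alone.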