IBM WebSphere XS40 Command Reference Manual page 249

DataPower XML security gateway

Syntax
idcred name key-alias certificate-alias [ca certificate-alias-n ...]
Parameters
name
Specifies the name of the Identification Credentials that authenticates the
appliance.
The name can contain a maximum of 32 characters. For restrictions, refer to
"Object name conventions" on page xxiv.
key-alias
Specifies an existing alias for the private key that is referenced by the
Identification Credentials.
certificate-alias
Specifies an existing alias for the certificate that is referenced by the
Identification Credentials.
ca certificate-alias-n
Optionally identifies an intermediate certificate required to establish a
chain of trust between the certificate that is referenced by the
certificate-alias argument and a CA trusted by the remote SSL peer.
The list can contain up to 10 intermediate certificates.
Guidelines
An SSL proxy uses an Identification Credentials to authenticate itself to a remote
peer.
The SSL standard requires an SSL server to authenticate itself to a remote SSL
client. Consequently, an SSL proxy operating as an SSL server (in either reverse or
two-way proxy mode) must be assigned an Identification Credentials with which to
authenticate itself to a remote SSL client.
The SSL standard allows an SSL server to authenticate the remote client peer.
Consequently, an SSL proxy operating as an SSL client (in either forward or two-way
proxy mode) can be assigned a set of identification credentials if the remote SSL
server requires authentication. While SSL servers typically do not require client
identification, certain highly secure web sites may impose such a requirement.
Prior to creating an Identification Credentials, you must:
• Use the key command to create an alias for the private key.
• Use the certificate command to create an alias for the certificate.
The no idcred command deletes only the alias for the Identification Credentials.
The aliases used to create the set (that is, the certificate alias and private key alias)
remain available for use, as do the files that contain the actual certificate and
private key that comprise the Identification Credentials.
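The limits and prerequisites above can be checked before a command is entered on the appliance. The following is an added example, not taken from the manual: the function name, the alias inventory, and the sample commands are constructed, and it assumes that a repeated ca keyword before each intermediate alias is tolerated, because the syntax line does not settle that.

```python
# Added example: lint `idcred` lines against the limits stated in this section.
MAX_NAME_LEN = 32        # "The name can contain a maximum of 32 characters"
MAX_INTERMEDIATES = 10   # "The list can contain up to 10 intermediate certificates"

def lint_idcred(line, key_aliases, cert_aliases):
    """Return a list of problems found in one `idcred` command line.

    key_aliases and cert_aliases are sets of aliases already created with the
    `key` and `certificate` commands (a hypothetical inventory supplied by the
    caller; nothing here talks to an appliance).
    """
    tokens = line.split()
    if len(tokens) < 4 or tokens[0] != "idcred":
        return ["expected: idcred name key-alias certificate-alias [ca ...]"]
    name, key_alias, cert_alias, rest = tokens[1], tokens[2], tokens[3], tokens[4:]
    problems = []
    if len(name) > MAX_NAME_LEN:
        problems.append(f"name is {len(name)} characters, limit is {MAX_NAME_LEN}")
    if key_alias not in key_aliases:
        problems.append(f"key alias '{key_alias}' does not exist")
    if cert_alias not in cert_aliases:
        problems.append(f"certificate alias '{cert_alias}' does not exist")
    if rest:
        if rest[0] != "ca":
            return problems + [f"unexpected token '{rest[0]}', expected 'ca'"]
        # Assumption: a `ca` keyword repeated before each alias is tolerated.
        intermediates = [t for t in rest if t != "ca"]
        if not intermediates:
            problems.append("'ca' given without a certificate alias")
        if len(intermediates) > MAX_INTERMEDIATES:
            problems.append(f"{len(intermediates)} intermediates, limit is {MAX_INTERMEDIATES}")
        for alias in intermediates:
            if alias not in cert_aliases:
                problems.append(f"intermediate alias '{alias}' does not exist")
            elif alias == cert_alias:
                problems.append(f"'{alias}' is the identity certificate, not an intermediate")
    return problems

# Constructed sample inventory and commands (not taken from the manual).
KEYS = {"gw-key"}
CERTS = {"gw-cert", "issuing-ca"}
SAMPLES = [
    "idcred gw-id gw-key gw-cert ca issuing-ca",
    "idcred gw-id gw-cert gw-key",                        # key and certificate swapped
    "idcred gw-id gw-key gw-cert ca issuing-ca root-ca",  # root-ca has no alias yet
]

if __name__ == "__main__":
    for cmd in SAMPLES:
        print(cmd, "->", lint_idcred(cmd, KEYS, CERTS) or "ok")
```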
Related Commands
certificate, decrypt, key
Examples
• Creates the bob Identification Credentials that consists of the private key aliased
by bob and the X.509 certificate aliased by bob.
Chapter 11. Crypto configuration mode
223
