Cisco Systems 6500 manual Field To Insert Description


Chapter 2 Commands for the Catalyst 6500 Series SSL Services Module

policy http-header

| Field To Insert | Description |
|---|---|
| ClientCert-Subject-CN | X.509 subject’s common name |
| ClientCert-Issuer-CN | X.509 certificate issuer’s common name |
| ClientCert-Certificate-Version | X.509 certificate version |
| ClientCert-Serial-Number | Certificate serial number |
| ClientCert-Data-Signature-Algorithm | X.509 hashing and encryption method |
| ClientCert-Subject | X.509 subject’s distinguished name |
| ClientCert-Issuer | X.509 certificate issuer’s distinguished name |
| ClientCert-Not-Before | Certificate is not valid before this date |
| ClientCert-Not-After | Certificate is not valid after this date |
| ClientCert-Public-Key-Algorithm | The algorithm used for the public key |
| ClientCert-RSA-Public-Key-Size | Size of the RSA public key |
| ClientCert-RSA-Modulus-Size | Size of the RSA private key |
| ClientCert-RSA-Modulus | RSA modulus |
| ClientCert-RSA-Exponent | The public RSA exponent |
| ClientCert-X509v3-Authority-Key-Identifier | X.509 authority key identifier |
| ClientCert-X509v3-Basic-Constraints | X.509 basic constraints |
| ClientCert-X509v3-Key-Usage | X.509 key usage |
| ClientCert-X509v3-Subject-Alternative-Name | X.509 subject alternative name |
| ClientCert-X509v3-CRL-Distribution-Points | X.509 CRL distribution points |
| ClientCert-X509v3-Authority-Information-Access | X.509 authority information access |
| ClientCert-Signature-Algorithm | Certificate signature algorithm |
| ClientCert-Signature | Certificate signature |

Client Certificate in PEM format—When you specify client-cert pem, the SSL module sends the entire client certificate in PEM format.

Client IP and Port Address—Network address translation (NAT) removes the client IP address and port information. When you specify client-ip-port, the SSL module inserts the client IP address and information about the client port into the HTTP header, allowing the server to see the client IP address and port.

Custom—When you specify custom custom-string, the SSL module inserts the user-defined header into the HTTP header.

Prefix—When you specify prefix prefix-string, the SSL module adds the specified prefix into the HTTP header to enable the server to identify that the connections are coming from the SSL module, not from other appliances.

Header alias—Some applications use different names for the standard header. You can create an alias for the standard name of the header so that the same value is passed using the aliased name instead of the standard name that the SSL Services Module sends. If you have specified a prefix for header insertion, the prefix is also applied to the aliased name.
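
Added example (not from the Cisco manual): how a back-end server might read the inserted ClientCert fields when a prefix and a header alias are configured, as the Prefix and Header alias items above describe. The hyphen joining prefix and name, the sample prefix SSL-OFFLOAD, the alias X-Client-Serial, and the reject-on-ambiguity policy are assumptions of this example.

```python
# Added example, not Cisco code. Field names come from the table above.
CERT_FIELDS = ("ClientCert-Subject-CN", "ClientCert-Issuer-CN",
               "ClientCert-Serial-Number", "ClientCert-Not-After")

def expected_name(field, prefix=None, aliases=None):
    """Header name the back end should look for.

    An alias replaces the standard name, and a configured prefix is applied
    to the aliased name too. ASSUMPTION: prefix and name are joined with '-';
    check the actual header on the wire before relying on this.
    """
    name = (aliases or {}).get(field, field)
    return f"{prefix}-{name}" if prefix else name

def extract_client_cert(raw_headers, prefix=None, aliases=None):
    """raw_headers: (name, value) pairs as received, duplicates preserved.

    Returns {standard field name: value}. Raises ValueError when a field is
    ambiguous (local policy assumed for this example).
    """
    seen = {}
    for name, value in raw_headers:
        seen.setdefault(name.lower(), []).append(value.strip())
    result = {}
    for field in CERT_FIELDS:
        wanted = expected_name(field, prefix, aliases).lower()
        # With a prefix or alias configured, the bare standard name is not
        # what the policy sends, so its presence is treated as untrusted.
        if wanted != field.lower() and field.lower() in seen:
            raise ValueError(f"unexpected bare header {field!r}")
        values = seen.get(wanted, [])
        if len(values) > 1:
            raise ValueError(f"duplicate header {wanted!r}")
        if values:
            result[field] = values[0]
    return result

# Constructed sample (hypothetical prefix, alias and values).
ALIASES = {"ClientCert-Serial-Number": "X-Client-Serial"}
SAMPLE = [
    ("Host", "app.example.test"),
    ("SSL-OFFLOAD-ClientCert-Subject-CN", "alice"),
    ("SSL-OFFLOAD-X-Client-Serial", "0A1B2C"),
]

if __name__ == "__main__":
    print(extract_client_cert(SAMPLE, prefix="SSL-OFFLOAD", aliases=ALIASES))
```

The function takes the header list before any framework merges duplicates, since a merged value would hide a second copy of the same field.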

Catalyst 6500 Series Switch SSL Services Module Command Reference

 

OL-9105-01
