Manuals / Cisco Systems / Computer Equipment / Switch

Cisco Systems 6500 policy http-header, client-cert pem, alias, Field To Insert, 2-34, Release

Models: 6500

1 160

Download 160 pages 24.26 Kb

Page 60

policy http-header

Chapter 2 Commands for the Catalyst 6500 Series SSL Services Module

policy http-header

policy http-header

Syntax Description

Defaults

Command Modes

To enter the HTTP header insertion configuration submode, use the policy http-headercommand.

policy http-headerhttp-header-policy-name

http-header-policy-name	HTTP header policy name.

This command has no default settings.

Context subcommand mode

Command History		Release	Modification
		SSL Services Module	Support for this command was introduced on the Catalyst 6500 series
		Release 2.1(1)	switches.

		SSL Services Module	The policy http-headercommand (entered in context subcommand
		Release 3.1(1)	mode) replaces the ssl-proxy policy http-headercommand (entered in
			global subcommand mode).
			This command was changed to add the following submode commands:
			• client-cert pem
			• alias


Usage Guidelines		In HTTP header insertion configuration submode, you can define the HTTP header insertion content
		policy that is applied to the payload.

HTTP header insertion allows you to insert additional HTTP headers to indicate to the real server that the connection is actually an SSL connection. These headers allow server applications to collect correct information for each SSL session and/or client.

You can insert these header types:

•Client Certificate—Client certificate header insertion allows the back-end server to see the attributes of the client certificate that the SSL module has authenticated and approved. When you specify client-cert, the SSL module passes the following headers to the back-end server:

Field To Insert	Description

ClientCert-Valid	Certificate validity state

ClientCert-Error	Error conditions

ClientCert-Fingerprint	Hash output

Catalyst 6500 Series Switch SSL Services Module Command Reference

2-34	OL-9105-01

Image 60

Cisco Systems 6500 policy http-header, client-cert pem, alias, Field To Insert, 2-34, Release, Modification, Description

Contents

Corporate Headquarters Catalyst 6500 Series Switch SSL Services Module Command ReferenceRelease Cisco Systems, Inc 170 West Tasman Drive San Jose, CATHE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS How to Find Command Options Definitions of Service Request SeverityCommand-Line Interface C O N T E N T SCommands for the Catalyst 6500 Series Switch SSL Services Module serviceservice client natpoolsnmp-server enable ssl-proxy pkiAcronyms A-1 show ssl-proxy vlanContents Catalyst 6500 Series Switch SSL Services Module Command ReferenceOL-9105-01 Command-Line Interface Commands for the CatalystSeries Switch SSL Services PrefaceConventions Conventionboldface font example, interface interface typeObtaining Documentation Cisco.comProduct Documentation DVD Documentation Feedback Cisco Product Security OverviewOrdering Documentation Reporting Security Problems in Cisco Products Obtaining Technical AssistanceCisco Technical Support & Documentation Website Emergencies - security-alert@cisco.comSubmitting a Service Request Definitions of Service Request SeverityObtaining Additional Publications and Information xiiiCatalyst 6500 Series Switch SSL Services Module Command Reference Preface Obtaining Additional Publications and InformationOL-9105-01 Command-Line Interface Getting Help, page How to Find Command Options, pageUnderstanding Command Modes, page Using the No and Default Forms of Commands, pageHow to Find Command Options CommandPurpose Command CommentTable 1-2 How to Find Command Options Command Table 1-2 How to Find Command Options continuedssl-proxyconfig-if# channel-group 1 mode auto ? ssl-proxyconfig-if# channel-group 1 mode autoUnderstanding Command Modes Access Methodconfigure terminal privileged EXEC configure terminalUsing the No and Default Forms of Commands interface commandimage using the boot system flash filename with an interfaceUsing the CLI String Search Regular ExpressionsSingle-Character Patterns Character\$ \ \+ aeiouabcdABCD a-dA-DMultiple-Character Patterns Multiplierstelebit 3107 v32bis ba?bAlternation AnchoringA-Za-z0-9+ codex telebitParentheses for Recall 13001300$ 1300space space1300 1300, ,1300, 1300 ,1300 a.bc.\1\21-12 Chapter 1 Command-Line Interface Using the CLI String SearchCatalyst 6500 Series Switch SSL Services Module Command Reference OL-9105-01Commands for the Catalyst 6500 Series Switch SSL Services Module C H A P T E Rservice name DefaultsCommand Modes Command History clear ssl-proxy connclear ssl-proxy content clear ssl-proxy content all rewrite scanning module moduleDefaults Command Modes Command History This example shows how to clear all of the content statisticsclear ssl-proxy session Usage Guidelinesservice name Defaultsservice name Command Modesclear ssl-proxy stats ssl tcp urlCommand History Usage Guidelines Examples ReleaseModification context nameDefaults crypto pki export pemCommand Modes Command History ReleaseExamples crypto pki import pemDefaults Command History Command History crypto pki import pemSyntax Description Release2-10 151129.901 %SYS-5-CONFIGI Configured from console by consoleExamples crypto pki export pemcrypto pki export pkcs12 2-11Defaults Command Modes Command History Release2-12 Chapter 2 Commands for the Catalyst 6500 Series SSL Services ModuleCatalyst 6500 Series Switch SSL Services Module Command Reference ssl-proxyconfig# crypto pki export TP1 pkcs12 scp sky is bluecrypto pki import pkcs12 2-13Defaults Command Modes Command History2-14 Chapter 2 Commands for the Catalyst 6500 Series SSL Services Modulefilename TP2? /users/admin-1/pkcs12/TP2.p12 Catalyst 6500 Series Switch SSL Services Module Command Referencecrypto key decrypt rsa crypto key decrypt write rsa name key-name passphrase passphrasepassphrase passphrase 2-15crypto key encrypt rsa crypto key encrypt write rsa name key-name passphrase passphrase2-16 Defaultscrypto key export rsa pem 2-17Defaults Command Modes Command History Syntax DescriptionThis example shows how to export a key from the SSL Services Module 2-18Chapter 2 Commands for the Catalyst 6500 Series SSL Services Module Catalyst 6500 Series Switch SSL Services Module Command Referencecrypto key import rsa pem 2-19Defaults Command Modes Command History Syntax Description2-20 Chapter 2 Commands for the Catalyst 6500 Series SSL Services Modulessl-proxyconfig# crypto key import rsa newkeys pem url scp password Catalyst 6500 Series Switch SSL Services Module Command Referencecrypto key lock rsa crypto key lock rsa name key-name passphrase passphrase2-21 Defaults Command Modes Command Historycrypto key unlock rsa crypto key unlock rsa name key-name passphrase passphrase2-22 Defaults Command Modes Command Historycontent type debug ssl-proxypki type ssl type tcp type vlan fdu typeCommand History 2-24content type ReleaseThis example shows how to turn on App debugging 2-25Examples Command Modes ReleaseModification Usage GuidelinesSyntax Description Defaults Command Modes Command History defaultinterface ssl-proxy Syntaxstandby group-number authentication text string delay minimum min-delaygroup-name preempt delayminimum priority priority redirects enable2-29 Related Commands show interfaces ssl-proxy show ssl-proxy vlanExamples natpool show ssl-proxy natpool2-30 DefaultsSyntax Description Defaults Command Modes policy health-probe tcppolicy health-probe tcp policy-name failed-interval is 60 seconds2-32 open-timeout secondsSyntax Description2-33 Related Commands show ssl-proxy policy show ssl-proxy servicepolicy http-header client-cert pemalias Field To Insert2-35 Field To InsertDescription ClientCert-Subject-CNField to insert 2-36Description Syntaxclient-ip-port prefixsession 2-372-38 Related Commands show ssl-proxy policytimeout session timeout absolute policy ssl2-39 DefaultsSSL Services Module This command was changed to add the following subcommandsThe policy ssl command entered in context subcommand mode replaces the ssl-proxy policy ssl command entered in global subcommand moderenegotiation volume size timeout handshake timeouthelp renegotiation interval time2-42 all-export-All export ciphers all-strong-All strong ciphers default2-43 This example shows how to enter the SSL-policy configuration submodeExamples 2-44 Chapter 2 Commands for the Catalyst 6500 Series SSL Services ModuleCatalyst 6500 Series Switch SSL Services Module Command Reference policy sslpolicy tcp 2-45Defaults Command Modesdelayed-ack-threshold delay delayed-ack-timeout timerno timeout fin-wait timeout-in-seconds no timeout inactivity timeout-in-secondsno timeout reassembly time no tos carryover2-47 Syntax2-48 This example shows how to define the maximum size for the TCP segmentpolicy url-rewrite 2-49Defaults Command Modes2-50 Enter the no form of the command to remove the policyExamples pool ca 2-51Defaults Command Modes Command History defaultservice service client command2-52 Defaultsauthenticate verify all signature-only default certificate inservice nat serverinservice certificate rsa general-purpose trustpoint2-54 SyntaxDescription virtual policy ssl ssl-policy-name2-55 Related Commands show ssl-proxy serviceservice client policy health-probe tcp policy http-header2-56 Syntax Description Defaults Command Modesnat server client natpool-name virtual policy ssl ssl-policy-namevirtual policy tcp vlan vlan2-58 Related Commands show ssl-proxy serviceExamples show interfaces ssl-proxy show interfaces ssl-proxy 0.subinterface2-59 DefaultsThis command has no default settings show ssl-proxy buffersshow ssl-proxy buffers 2-60show ssl-proxy certificate-history service name show ssl-proxy certificate-history2-61 Defaults Command Modes Command History2-62 Chapter 2 Commands for the Catalyst 6500 Series SSL Services ModuleCatalyst 6500 Series Switch SSL Services Module Command Reference ExamplesRelated Commands service 2-63Chapter 2 Commands for the Catalyst 6500 Series SSL Services Module Catalyst 6500 Series Switch SSL Services Module Command Referenceshow ssl-proxy conn service name context name module module show ssl-proxy connshow ssl-proxy conn module module 4tuple2-65 ReleaseModification context name2-66 Chapter 2 Commands for the Catalyst 6500 Series SSL Services ModuleCatalyst 6500 Series Switch SSL Services Module Command Reference ssl-proxy# show ssl-proxy conn service iis1show ssl-proxy context show ssl-proxy context name2-67 Defaultsshow ssl-proxy crash-info show ssl-proxy crash-info brief detailsbrief details2-69 Chapter 2 Commands for the Catalyst 6500 Series SSL Services ModuleCatalyst 6500 Series Switch SSL Services Module Command Reference show ssl-proxy crash-infoshow ssl-proxy mac address show ssl-proxy mac address2-70 Syntax Description Defaults Command Modes Command Historyshow ssl-proxy natpool show ssl-proxy natpool namecontext name2-71 Defaults Command Modes Command Historyshow ssl-proxy policy url-rewrite namehealth-probe tcp http-header2-73 Reassembly timeoutDisabled Delayed ACK timer2-74 policy tcp policy url-rewritessl-proxy# show ssl-proxy policy health-probe tcp tcp-health show ssl-proxy service show ssl-proxy service namecontext name2-75 Defaults Command Modes Command History2-76 Related Commands serviceChapter 2 Commands for the Catalyst 6500 Series SSL Services Module show ssl-proxy servicecontent show ssl-proxy statsshow ssl-proxy stats type 2-772-78 Chapter 2 Commands for the Catalyst 6500 Series SSL Services ModuleCatalyst 6500 Series Switch SSL Services Module Command Reference Examples2-79 Chapter 2 Commands for the Catalyst 6500 Series SSL Services Moduleshow ssl-proxy stats ssl-proxy# show ssl-proxy stats pki PKI Memory Usage Counters2-80 Chapter 2 Commands for the Catalyst 6500 Series SSL Services Modulessl-proxy# show ssl-proxy stats context Context name Default Catalyst 6500 Series Switch SSL Services Module Command Reference2-81 Chapter 2 Commands for the Catalyst 6500 Series SSL Services Modulessl-proxy# show ssl-proxy stats content Catalyst 6500 Series Switch SSL Services Module Command Referenceshow ssl-proxy status show ssl-proxy status fdu ssl tcpSyntax Description Optional Displays the FDU status2-83 Chapter 2 Commands for the Catalyst 6500 Series SSL Services ModuleCatalyst 6500 Series Switch SSL Services Module Command Reference show ssl-proxy statusshow ssl-proxy version show ssl-proxy version2-84 Syntax Description Defaults Command Modes Command HistoryRelated Commands show ssl-proxy vlanshow ssl-proxy vlan vlan-iddebugmodule module 2-85snmp-server enable Defaults Command Modes Command History Examplesinforms trapsssl-proxy context ssl-proxy context name no ssl-proxy context namePurpose and Guidelines description descriptionPurpose and Guidelines 2-88Command Defaultsssl-proxy crypto selftest ssl-proxy crypto selftest time-interval secondsno ssl-proxy crypto selftest time-intervalThis example shows how to configure a MAC address ssl-proxy mac addressssl-proxy mac address mac-addr 2-90no ssl-proxy pki authenticate cache certificate history authenticatetimeout seconds timeout minutes2-92 Related Commands show ssl-proxy statsExamples ssl-proxy crypto key unlock rsa ssl-proxy crypto key unlock rsa key-name passphrase passphrase2-93 Defaults Command Modes Command Historyssl-proxy ip-frag-ttl ssl-proxy ip-frag-ttl time2-94 Syntax Description Defaults Command Modesssl-proxy ssl ratelimit ssl-proxy ssl ratelimit no ssl-proxy ssl ratelimit2-95 Defaultsstandby authentication standby group-number authentication text stringno standby group-number authentication text string 2-96standby delay minimum reload standby delay minimum min-delay reload reload-delayno standby delay minimum min-delay reload reload-delay 2-97show standby delay 2-98Related Commands Chapter 2 Commands for the Catalyst 6500 Series SSL Services ModuleDefaults Command Modes Command History Usage Guidelines standby ip2-99 Syntax Description2-100 used by the hot standby group is learned using HSRPExamples standby mac-address no standby group-number mac-addressAPPN 2-101show standby 2-102Examples standby mac-refresh standby mac-refresh seconds no standby mac-refresh2-103 Defaults Command Modes Command HistoryThis example shows how to specifiy the standby name as SanJoseHA standby namestandby name group-name no standby name group-name 2-104standby preempt 2-105Defaults Command Modes Command History2-106 ssl-proxy config-subif# standby preempt delay minimumExamples standby priority no standby group-number priority priority2-107 Defaults Command Modes Command History2-108 Related CommandsChapter 2 Commands for the Catalyst 6500 Series SSL Services Module Catalyst 6500 Series Switch SSL Services Module Command Referenceenable disabletimers standby redirectsThis example shows how to allow HSRP to filter ICMP redirect messages Related Commands show standbyshow standby redirect 2-110standby timers 2-111Defaults Command Modes Command History2-112 timers 5standby timers msec 300 msec Examplesstandby track 2-113Defaults Command Modes Command History Syntax DescriptionRouter A Configuration Router B ConfigurationRelated Commands standby preempt 2-114standby use-bia standby use-bia scope interface no standby use-biascope interface 2-115This example shows how to configure HSRP version standby versionstandby version 1 Specifies HSRP versionAcronyms A P P E N D I X AAcronym ExpansionAcronym ExpansionTable A-1 List of Acronyms continued Acronym ExpansionAcronym ExpansionAcronym ExpansionAcronym ExpansionAcronym ExpansionAcronym ExpansionCatalyst 6500 Series Switch SSL Services Module Command Reference AcronymExpansion Table A-1 List of Acronyms continuedA-10 Catalyst 6500 Series Switch SSL Services Module Command ReferenceAppendix A Acronyms OL-9105-01Acknowledgments for Open-Source Software A P P E N D I X BCatalyst 6500 Series Switch SSL Services Module Command Reference Appendix B AcronymsOL-9105-01 Symbols NumericsI N D E IN-1IN-2 IN-3 configuringsecondary interface IN-4 IN-5 IN-6 Catalyst 6500 Series Switch SSL Services Module Command ReferenceIndex OL-9105-01