Chapter 2 Commands for the Catalyst 6500 Series SSL Services Module

policy http-header

Field To Insert

Description

 

 

ClientCert-Subject-CN

X.509 subject’s common name

 

 

ClientCert-Issuer-CN

X.509 certificate issuer’s common name

 

 

ClientCert-Certificate-Version

X.509 certificate version

 

 

ClientCert-Serial-Number

Certificate serial number

 

 

ClientCert-Data-Signature-Algorithm

X.509 hashing and encryption method

 

 

ClientCert-Subject

X.509 subject’s distinguished name

 

 

ClientCert-Issuer

X.509 certificate issuer’s distinguished name

 

 

ClientCert-Not-Before

Certificate is not valid before this date

 

 

ClientCert-Not-After

Certificate is not valid after this date

 

 

ClientCert-Public-Key-Algorithm

The algorithm used for the public key

 

 

ClientCert-RSA-Public-Key-Size

Size of the RSA public key

 

 

ClientCert-RSA-Modulus-Size

Size of the RSA private key

 

 

ClientCert-RSA-Modulus

RSA modulus

 

 

ClientCert-RSA-Exponent

The public RSA exponent

 

 

ClientCert-X509v3-Authority-Key-Identifier

X.509 authority key identifier

 

 

ClientCert-X509v3-Basic-Constraints

X.509 basic constraints

 

 

ClientCert-X509v3-Key-Usage

X.509 key usage

 

 

ClientCert-X509v3-Subject-Alternative-Name

X.509 subject alternative name

 

 

ClientCert-X509v3-CRL-Distribution-Points

X.509 CRL distribution points

 

 

ClientCert-X509v3-Authority-Information-Access

X.509 authority information access

 

 

ClientCert-Signature-Algorithm

Certificate signature algorithm

 

 

ClientCert-Signature

Certificate signature

 

 

Client Certificate in PEM format—When you specify client-cert pem, the SSL module sends the entire client certificate in PEM format.

Client IP and Port Address—Network address translation (NAT) removes the client IP address and port information. When you specify client-ip-port, the SSL module inserts the client IP address and information about the client port into the HTTP header, allowing the server to see the client IP address and port.

Custom—When you specify custom custom-string, the SSL module inserts the user-defined header into the HTTP header.

Prefix—When you specify prefix prefix-string, the SSL module adds the specified prefix into the HTTP header to enable the server to identify that the connections are coming from the SSL module, not from other appliances.

Header alias—Some applications use different names for the standard header. You can create an alias for the standard name of the header so that the same value is passed using the aliased name instead of the standard name that the SSL Services Module sends. If you have specified a prefix for header insertion, the prefix is also applied to the aliased name.

Catalyst 6500 Series Switch SSL Services Module Command Reference

 

OL-9105-01

2-35

 

 

 

Page 60 Page 62
Page 61
Image 61
Cisco Systems 6500 manual Field To Insert Description
Page 60 Page 62
Top Page Image Contents