Authenticate verify all signature-only, Virtual, 2-53

Chapter 2 Commands for the Catalyst 6500 Series SSL Services Module

service

In most cases, all of the SSL-server-proxy configurations that are performed are also valid for the SSL-client-proxy configuration, except for the following:

•You must configure a certificate for the SSL-server-proxy but you do not have to configure a certificate for the SSL-client-proxy. If you configure a certificate for the SSL-client-proxy, that certificate is sent in response to the certificate request message that is sent by the server during the client-authentication phase of the handshake protocol.

•The SSL policy is attached to the virtual subcommand for the SSL server proxy service; whereas, the SSL policy is attached to the server subcommand for the SSL client proxy service.

Enter each proxy-service or proxy-client configuration submode command on its own line.

Table 2-8lists the commands that are available in proxy-service or proxy-client configuration submode.

Table 2-8 Proxy-service Configuration Submode Command Descriptions

Syntax	Description

authenticate verify {all signature-only}	Configures the method for certificate verification. You can specify the
	following:
	• all—Verifies CRLs and signature authority.
	• signature-only—Verifies the signature only.

certificate rsa general-purpose trustpoint	Configures the certificate with RSA general-purpose keys and associates a
trustpoint-name	trustpoint to the certificate.

default {certificate inservice nat server	Sets a command to its default settings.
virtual}

description	Allows you to enter a description for proxy service.

exit	Exits from proxy-service or proxy-client configuration submode.

help	Provides a description of the interactive help system.

inservice	Declares a proxy server or client as administratively up.

nat {server client}{natpool-name}	Specifies the usage of either server NAT or client NAT for the server-side
	connection that is opened by the SSL Services Module.

policy health-probe tcp policy-name	Applies a TCP health probe policy to a proxy server.

policy http-header policy-name	Applies an HTTP header insertion policy to a proxy server.

policy urlrewrite policy-name	Applies a URL rewrite policy to a proxy server.

server ipaddr ip-addrprotocol protocol	Defines the IP address of the target server for the proxy server. You can also
port portno [sslv2]	specify the port number and the transport protocol. The target IP address can
	be a virtual IP address of an SLB device or a real IP address of a web server.
	The sslv2 keyword specifies the server that is used for handling SSL version 2
	traffic.

server policy tcp	Applies a TCP policy to the server side of a proxy server. You can specify the
server-side-tcp-policy-name	port number and the transport protocol.

trusted-caca-pool-name	Applies a trusted certificate authenticate configuration to a proxy server.

virtual ipaddr ip-addrprotocol protocol	Defines the virtual IP address of the virtual server to which the STE is
port portno [secondary]	proxying. You can also specify the port number and the transport protocol.
	The valid values for protocol are tcp; valid values for portno is from 1 to
	65535. The secondary keyword (optional) prevents the STE from replying to
	the ARP request coming to the virtual IP address.

	Catalyst 6500 Series Switch SSL Services Module Command Reference


OL-9105-01		2-53
OL-9105-01		2-53

Cisco Systems 6500 authenticate verify all signature-only, virtual, inservice, port portno sslv2

Models: 6500

authenticate verify {all signature-only}

certificate rsa general-purpose trustpoint

default {certificate inservice nat server

virtual}

inservice

nat {server client}{natpool-name}

policy http-header policy-name

policy urlrewrite policy-name

server ipaddr ip-addrprotocol protocol

port portno [sslv2]

server policy tcp

virtual ipaddr ip-addrprotocol protocol

port portno [secondary]

2-53