Chapter 3 Commands Specific to the Content Switching Module with SSL

ssl-proxy service

In most cases, all of the SSL-server-proxy configurations that are performed are also valid for the SSL-client-proxy configuration, except for the following:

You must configure a certificate for the SSL-server-proxy but you do not have to configure a certificate for the SSL-client-proxy. If you configure a certificate for the SSL-client-proxy, that certificate is sent in response to the certificate request message that is sent by the server during the client-authentication phase of the handshake protocol.

The SSL policy is attached to the virtual subcommand for the SSL-server-proxy, whereas it is attached to the server subcommand for the SSL-client-proxy.

Enter each proxy-service or proxy-client configuration submode command on its own line.

Table 3-8 lists the commands that are available in proxy-service or proxy-client configuration submode.

Table 3-8 Proxy-service Configuration Submode Command Descriptions

Syntax
    Description

authenticate verify {all | signature-only}
    Configures the method for certificate verification. You can specify the following:
    all—Verifies CRLs and signature authority.
    signature-only—Verifies the signature only.

certificate rsa general-purpose trustpoint trustpoint-name
    Configures the certificate with RSA general-purpose keys and associates a trustpoint to the certificate.

default {certificate | inservice | nat | server | virtual}
    Sets a command to its default settings.

exit
    Exits from proxy-service or proxy-client configuration submode.

help
    Provides a description of the interactive help system.

inservice
    Declares a proxy server or client as administratively up.

nat {server | client natpool-name}
    Specifies the usage of either server NAT or client NAT for the server-side connection that is opened by the Content Switching Module with SSL.

policy urlrewrite policy-name
    Applies a URL rewrite policy to a proxy server.

server ipaddr ip-addr protocol protocol port portno [sslv2]
    Defines the IP address of the target server for the proxy server. You can also specify the port number and the transport protocol. The target IP address can be a virtual IP address of an SLB device or a real IP address of a web server. The sslv2 keyword specifies the server that is used for handling SSL version 2 traffic.

server policy tcp server-side-tcp-policy-name
    Applies a TCP policy to the server side of a proxy server. You can specify the port number and the transport protocol.

trusted-ca ca-pool-name
    Applies a trusted certificate authentication configuration to a proxy server.

virtual {ipaddr ip-addr} {protocol protocol} {port portno} secondary
    Defines the virtual IP address of the virtual server to which the STE is proxying. You can also specify the port number and the transport protocol. The valid value for protocol is tcp; valid values for portno are 1 to 65535. The secondary keyword (required) prevents the STE from replying to the ARP request coming to the virtual IP address.

virtual {policy ssl ssl-policy-name}
    Applies an SSL policy to the client side of a proxy server.

virtual {policy tcp client-side-tcp-policy-name}
    Applies a TCP policy to the client side of a proxy server.
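The two proxy types contrasted at the top of this section, as an added illustration that is not taken from the Cisco reference: a server proxy that terminates SSL from clients and a client proxy that opens SSL toward a backend and verifies its certificate. Service, trustpoint, policy and CA-pool names and all addresses are placeholders; the client keyword on ssl-proxy service and the server policy ssl form are assumed from the client-proxy section, which is not on this page.

```cisco
! Server proxy: terminates SSL on the virtual address and forwards
! cleartext to the web server. A certificate is required, and the
! SSL policy is attached under "virtual" (the client side).
ssl-proxy service web-offload
 certificate rsa general-purpose trustpoint tp-web
 ! secondary is required: the STE must not answer ARP for the VIP
 virtual ipaddr 10.10.1.100 protocol tcp port 443 secondary
 virtual policy ssl strong-ciphers
 virtual policy tcp client-tcp
 server ipaddr 10.10.2.10 protocol tcp port 80
 ! server NAT on the server-side connection the module opens
 nat server
 inservice

! Client proxy: accepts cleartext on the virtual address and opens SSL
! to the backend. No certificate is needed; the SSL policy is attached
! under "server", and the backend certificate is verified against a
! trusted CA pool with full chain and CRL checking.
! ("client" keyword and "server policy ssl" assumed, see lead-in.)
ssl-proxy service backend-encrypt client
 virtual ipaddr 10.10.1.101 protocol tcp port 80 secondary
 server ipaddr 10.10.3.10 protocol tcp port 443
 server policy ssl strong-ciphers
 server policy tcp server-tcp
 authenticate verify all
 trusted-ca backend-ca-pool
 inservice
```

Choosing authenticate verify all rather than signature-only on the client proxy is what makes revoked backend certificates fail the handshake, since only the all form checks CRLs.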

Catalyst 6500 Series Switch Content Switching Module with SSL Command Reference

 

OL-7029-01

3-67
