Cisco Systems 6500 Switch User Manual


 
Catalyst 6500 Series Switch SSL Services Module Command Reference
OL-9105-01
Chapter 2 Commands for the Catalyst 6500 Series SSL Services Module
service
In most cases, all of the SSL-server-proxy configurations that you perform are also valid for the SSL-client-proxy configuration, except for the following:
- You must configure a certificate for the SSL-server-proxy, but you do not have to configure a certificate for the SSL-client-proxy. If you do configure a certificate for the SSL-client-proxy, that certificate is sent in response to the certificate request message that the server sends during the client-authentication phase of the handshake protocol.
- For the SSL server proxy service, the SSL policy is attached to the virtual subcommand; for the SSL client proxy service, the SSL policy is attached to the server subcommand.
Enter each proxy-service or proxy-client configuration submode command on its own line.
Table 2-8 lists the commands that are available in proxy-service or proxy-client configuration submode.
Table 2-8 Proxy-service Configuration Submode Command Descriptions

Syntax / Description

authenticate verify {all | signature-only}
    Configures the method for certificate verification. You can specify the following:
    all—Verifies CRLs and signature authority.
    signature-only—Verifies the signature only.

certificate rsa general-purpose trustpoint trustpoint-name
    Configures the certificate with RSA general-purpose keys and associates a trustpoint to the certificate.

default {certificate | inservice | nat | server | virtual}
    Sets a command to its default settings.

description
    Allows you to enter a description for the proxy service.

exit
    Exits from proxy-service or proxy-client configuration submode.

help
    Provides a description of the interactive help system.

inservice
    Declares a proxy server or client as administratively up.

nat {server | client} {natpool-name}
    Specifies the usage of either server NAT or client NAT for the server-side connection that is opened by the SSL Services Module.

policy health-probe tcp policy-name
    Applies a TCP health probe policy to a proxy server.

policy http-header policy-name
    Applies an HTTP header insertion policy to a proxy server.

policy urlrewrite policy-name
    Applies a URL rewrite policy to a proxy server.

server ipaddr ip-addr protocol protocol port portno [sslv2]
    Defines the IP address of the target server for the proxy server. You can also specify the port number and the transport protocol. The target IP address can be a virtual IP address of an SLB device or a real IP address of a web server. The sslv2 keyword specifies the server that is used for handling SSL version 2 traffic.

server policy tcp server-side-tcp-policy-name
    Applies a TCP policy to the server side of a proxy server. You can specify the port number and the transport protocol.

trusted-ca ca-pool-name
    Applies a trusted certificate authentication configuration to a proxy server.

virtual ipaddr ip-addr protocol protocol port portno [secondary]
    Defines the virtual IP address of the virtual server to which the STE is proxying. You can also specify the port number and the transport protocol. The valid value for protocol is tcp; valid values for portno are from 1 to 65535. The secondary keyword (optional) prevents the STE from replying to the ARP request coming to the virtual IP address.
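The server-proxy and client-proxy shapes that the text above contrasts, written out as an added example that is not from the Cisco reference. The `ssl-proxy service ... [client]` entry command and the `virtual policy ssl` / `server policy ssl` subcommands are assumed from the surrounding prose rather than taken from Table 2-8; all names and addresses are placeholders, and the `!` lines are comments.

```cisco
! Added example (not from the Cisco reference). Names and addresses are placeholders.
! Server proxy: terminates client SSL on the virtual address and opens a clear-text
! connection to the back-end server. A certificate is mandatory for this mode.
ssl-proxy service WEB-FRONTEND
  description Client-facing SSL termination for the web farm
  ! secondary: the load balancer owns the VIP, so the STE must not answer ARP for it
  virtual ipaddr 192.0.2.10 protocol tcp port 443 secondary
  ! Server proxy: the SSL policy hangs off the virtual subcommand (assumed syntax)
  virtual policy ssl STRONG-SSL
  server ipaddr 10.0.0.20 protocol tcp port 80
  certificate rsa general-purpose trustpoint WEB-TP
  policy http-header CLIENT-ADDR-HDR
  inservice

! Client proxy: accepts clear-text on the virtual address and opens SSL to the
! back end. No certificate is required unless the back end requests client
! authentication; certificate verification is what protects this leg.
ssl-proxy service WEB-BACKEND client
  description Re-encryption toward the application tier
  virtual ipaddr 10.0.0.30 protocol tcp port 80
  server ipaddr 10.0.0.40 protocol tcp port 443
  ! Client proxy: the SSL policy hangs off the server subcommand (assumed syntax)
  server policy ssl STRONG-SSL
  ! Only CAs in this pool may vouch for the back-end certificate
  trusted-ca BACKEND-CA-POOL
  ! "all" checks CRLs as well as the signature; "signature-only" would skip revocation
  authenticate verify all
  inservice
```

The `authenticate verify all` line is the setting to check when reviewing a client proxy: with `signature-only`, a revoked back-end certificate would still be accepted.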