Brocade Virtual ADX Security Guide (Supporting ADX v03.1.00) User Manual

Document 53-1003250-01

Chapter 6: Configuration examples for SSL Termination Mode

Define client certificate insertion mode and prefix
The client certificate insertion mode and prefix can optionally be configured within a CSW policy as
follows. To configure the client certificate insertion mode, use the default rewrite
request-insert client-cert command as shown.

Virtual ADX(config)#csw-policy cswp1

Virtual ADX(config-csw-cswp1)#default rewrite request-insert client-cert

Syntax: [no] default rewrite request-insert client-cert [entire-chain | leaf-cert | wellknown-fields]

Selecting the entire-chain parameter directs the Brocade Virtual ADX to insert the entire certificate
chain, including the leaf certificate, in BASE64-encoded form. This is the default mode.

Selecting the leaf-cert parameter directs the Brocade Virtual ADX to insert only the leaf certificate
in BASE64-encoded form, even when the client presented a full certificate chain.

If the wellknown-fields parameter is selected, selected fields of the client certificate are extracted
and inserted as individual HTTP headers, in plain text; the certificate itself is not forwarded in this
mode. The following headers are inserted: "Client-Cert-Version", "Client-Cert-Serial",
"Client-Cert-Start", "Client-Cert-End", "Client-Cert-Subject", "Client-Cert-Subject-CN",
"Client-Cert-SubjectAlt-CN", "Client-Cert-Issuer" and "Client-Cert-Issuer-CN".

You can add a prefix to the default HTTP header names using the default rewrite request-insert
client-cert certheader-prefix command. In the following example, the prefix "SSL" added to the HTTP
header "Client-Cert" produces the header name "SSL-Client-Cert".

Virtual ADX(config)#csw-policy cswp1

Virtual ADX(config-csw-cswp1)#default rewrite request-insert client-cert certheader-prefix "SSL"

Syntax: [no] default rewrite request-insert client-cert certheader-prefix prefix

The value specified by the prefix variable is prepended, followed by a hyphen, to each of the default
HTTP header names.

The HTTP header names are shown in Table 15.

TABLE 15  HTTP header names and descriptions

Header name                  Description
Client-Cert                  The entire client certificate chain, or the leaf certificate only,
                             depending on the insertion mode.
Client-Cert-Version          Version of the client certificate.
Client-Cert-Serial           Serial number of the client certificate.
Client-Cert-Start            Date before which the certificate is not valid (notBefore).
Client-Cert-End              Date after which the certificate is not valid (notAfter).
Client-Cert-Subject          Subject's distinguished name.
Client-Cert-Subject-CN       Subject's common name.
Client-Cert-Subject-Alt-CN   Subject's alternative name.
Client-Cert-Issuer           Issuer's distinguished name.
Client-Cert-Issuer-CN        Issuer's common name.
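The following is an added example of how a backend behind the Virtual ADX might consume the headers described above when wellknown-fields mode and a certheader-prefix are configured; it is not code from the Brocade manual or the Virtual ADX. It derives the prefixed header names the way the manual describes ("SSL" plus "Client-Cert" gives "SSL-Client-Cert"), accepts both spellings of the subject-alternative-name header that this page uses, and only then treats the fields as an authenticated identity. Everything else is an assumption not stated on the page: header names are matched case-insensitively; the Client-Cert-Start and Client-Cert-End values are taken to be in OpenSSL's text date form ("Mar 15 00:00:00 2024 GMT"); the ADX address 10.0.0.5, the issuer name "Example Client CA" and the request headers are constructed sample data; and the backend trusts these headers only when the TCP peer is the ADX itself, because any client that can reach the backend directly could send headers with the same names.

```python
"""Backend-side consumer of the wellknown-fields client-certificate headers.

Added example, not code from the Brocade manual or the Virtual ADX.
Assumptions not stated on the page: header names are matched
case-insensitively; Client-Cert-Start/End use OpenSSL's text date form
("Mar 15 00:00:00 2024 GMT"); and the headers are trusted only when the
TCP peer is the ADX, since anyone reaching the backend directly could
send them.
"""
from datetime import datetime, timezone

# Field suffixes the manual lists for wellknown-fields mode. The page spells
# the SAN header both "SubjectAlt-CN" and "Subject-Alt-CN"; accept both.
WELLKNOWN_SUFFIXES = ("Version", "Serial", "Start", "End", "Subject",
                      "Subject-CN", "SubjectAlt-CN", "Subject-Alt-CN",
                      "Issuer", "Issuer-CN")


def header_names(prefix=""):
    """Map a field suffix to its full header name for a certheader-prefix.

    Prefix "SSL" turns "Client-Cert" into "SSL-Client-Cert", as the manual
    describes; an empty prefix yields the default names.
    """
    base = f"{prefix}-Client-Cert" if prefix else "Client-Cert"
    names = {"Cert": base}
    for suffix in WELLKNOWN_SUFFIXES:
        names[suffix] = f"{base}-{suffix}"
    return names


def parse_cert_time(value):
    """Parse the assumed OpenSSL date text into an aware UTC datetime."""
    return datetime.strptime(value.strip(), "%b %d %H:%M:%S %Y GMT").replace(
        tzinfo=timezone.utc)


def extract_identity(headers, peer_addr, *, prefix="", trusted_proxies,
                     trusted_issuer_cns, now=None):
    """Return the client identity carried in the ADX headers.

    Raises ValueError when the request must not be trusted: untrusted peer,
    missing header, certificate outside its validity window, or an issuer
    that is not one of the client CAs this backend accepts.
    """
    if peer_addr not in trusted_proxies:
        raise ValueError(f"client-cert headers from untrusted peer {peer_addr}")
    lowered = {name.lower(): value for name, value in headers.items()}
    names = header_names(prefix)

    def field(suffix, required=True):
        value = lowered.get(names[suffix].lower())
        if value is None and required:
            raise ValueError(f"missing header {names[suffix]}")
        return value

    now = now or datetime.now(timezone.utc)
    not_before, not_after = parse_cert_time(field("Start")), parse_cert_time(field("End"))
    if not (not_before <= now <= not_after):
        raise ValueError("client certificate is outside its validity period")
    issuer_cn = field("Issuer-CN")
    if issuer_cn not in trusted_issuer_cns:
        raise ValueError(f"issuer {issuer_cn!r} is not an accepted client CA")
    return {
        "version": field("Version"),
        "serial": field("Serial"),
        "subject": field("Subject"),
        "subject_cn": field("Subject-CN"),
        "san_cn": field("SubjectAlt-CN", False) or field("Subject-Alt-CN", False),
        "issuer_cn": issuer_cn,
    }


def is_rejected(headers, peer_addr, **kwargs):
    """True when extract_identity refuses the request."""
    try:
        extract_identity(headers, peer_addr, **kwargs)
    except ValueError:
        return True
    return False


# Constructed sample of what the backend sees with certheader-prefix "SSL".
SAMPLE_HEADERS = {
    "Host": "app.example.test",
    "SSL-Client-Cert-Version": "3",
    "SSL-Client-Cert-Serial": "0A1B2C",
    "SSL-Client-Cert-Start": "Mar 15 00:00:00 2024 GMT",
    "SSL-Client-Cert-End": "Mar 15 00:00:00 2026 GMT",
    "SSL-Client-Cert-Subject": "C=US,O=Example Corp,CN=alice",
    "SSL-Client-Cert-Subject-CN": "alice",
    "SSL-Client-Cert-Issuer": "C=US,O=Example Corp,CN=Example Client CA",
    "SSL-Client-Cert-Issuer-CN": "Example Client CA",
}
ROGUE_ISSUER_HEADERS = {**SAMPLE_HEADERS, "SSL-Client-Cert-Issuer-CN": "Rogue CA"}
POLICY = dict(prefix="SSL", trusted_proxies={"10.0.0.5"},  # hypothetical ADX address
              trusted_issuer_cns={"Example Client CA"})
FIXED_NOW = datetime(2025, 1, 1, tzinfo=timezone.utc)
EXPIRED_NOW = datetime(2027, 1, 1, tzinfo=timezone.utc)


def demo():
    """Accept the sample request from the ADX at a time inside the validity window."""
    return extract_identity(SAMPLE_HEADERS, "10.0.0.5", now=FIXED_NOW, **POLICY)


if __name__ == "__main__":
    print(demo())
```

The peer-address check is the part a backend cannot skip: in wellknown-fields mode the certificate itself is not forwarded, so the backend has nothing to verify cryptographically and the headers are only as trustworthy as the path they arrived on. Re-checking the validity window with the backend's own clock and pinning the accepted issuer CN are cheap defence in depth on top of whatever the ADX enforces at the TLS handshake.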