Forum Discussion
dragonflymr
May 18, 2015Cirrostratus
Hi,
I wonder what is purpose of using certificate (in Configuration section) except to enable client certificate based authentication (like in browser). Any other reasons?
Piotr
- dragonflymrMay 18, 2015CirrostratusBTW, issue after update to 11.6 is that in this version when certificate is specified in serverssl profile then matching private key is required. There is no way to save profile with only certificate (what is logical if certificate is used for client authentication). In 10.1 it seems to be possible - I have profile configuration from 10.1 and there is only certificate specified without private key. Right now I don't know if client authentication is really used for this connection - waiting for answer from customer but I doubt it as it would not be possible if only certificate was configured in profile without private key - or maybe I am wrong? Here is serverssl config used for this VS server-ssl profile_ssl { alert-timeout 60 authenticate once authenticate-depth 9 authenticate-name none ca-file none cache-size 20000 cache-timeout 3600 cert certificate.crt chain none ciphers DEFAULT crl-file none defaults-from serverssl handshake-timeout 60 key none mod-ssl-methods disabled mode enabled options { dont-insert-empty-fragments } partition Common passphrase none peer-cert-mode ignore renegotiate-period indefinite renegotiate-size indefinite strict-resume disabled unclean-shutdown enabled Piotr