Forum Discussion
dragonflymr
Cirrostratus
Hi,
I wonder what is purpose of using certificate (in Configuration section) except to enable client certificate based authentication (like in browser). Any other reasons?
Piotr
dragonflymr
May 18, 2015Cirrostratus
BTW, issue after update to 11.6 is that in this version when certificate is specified in serverssl profile then matching private key is required. There is no way to save profile with only certificate (what is logical if certificate is used for client authentication). In 10.1 it seems to be possible - I have profile configuration from 10.1 and there is only certificate specified without private key.
Right now I don't know if client authentication is really used for this connection - waiting for answer from customer but I doubt it as it would not be possible if only certificate was configured in profile without private key - or maybe I am wrong?
Here is serverssl config used for this VS
server-ssl profile_ssl {
alert-timeout 60
authenticate once
authenticate-depth 9
authenticate-name none
ca-file none
cache-size 20000
cache-timeout 3600
cert certificate.crt
chain none
ciphers DEFAULT
crl-file none
defaults-from serverssl
handshake-timeout 60
key none
mod-ssl-methods disabled
mode enabled
options { dont-insert-empty-fragments }
partition Common
passphrase none
peer-cert-mode ignore
renegotiate-period indefinite
renegotiate-size indefinite
strict-resume disabled
unclean-shutdown enabled
Piotr