• 2 replies
  • Latest Post - ‏2013-08-16T15:45:34Z by swlinn
22 Posts

Pinned topic Send Client CA List

‏2013-08-16T15:01:26Z |
We are facing one issue on a data power where in consumer is expecting CA list from data power box for the matching key at their end. 
The current setting - Send Client CA List is off and remaining consumers on that domain are happy with this setting.

We are using XI50; Firmware

I am wondering the impact of changing the parameter from off state to on state on existing consumers.
Appreciate any help!
Updated on 2013-08-16T15:15:12Z at 2013-08-16T15:15:12Z by vrshah
  • SriniDp
    46 Posts

    Re: Send Client CA List


    Create a Sperate Crypto Objects to the client who is requesting you to send CA Certs, this wont impact other customers.

  • swlinn
    1396 Posts

    Re: Send Client CA List


    I don't believe adding the CA list will impact existing clients, but it would be worth testing first.  Do you have a non-production test environment you could use?  I assume you're discussing a Front Side Handler's Reverse SSL Proxy Profile.  If so your other option would be to have them use a separate port from other clients so they would get a unique SSL configuration, but then that is more configuration for you to have to manage.