Client authentication – HP e-Commerce Server Accelerator sa7120 User Manual

C H A P T E R 3

Client Authentication

27

Client Authentication

By default, the SA7100/SA7120 does not authenticate client
identities, however specific map IDs can be configured to request
client certificates for the purpose of verifying identities. When this
feature is enabled, the SA7100/SA7120 verifies that client
certificates are signed by a known CA. This feature is controlled by
the import client_ca command.

Example:

First, use the list map command to display the current map IDs and
their configurations including, in the last column, Client
Authentication, enabled (y) or disabled (n).

HP SA7120> list map

Map Net Ser Cipher Re- Client

ID KeyID Server IP Port Port Suites direct Auth

== ===== ========= ==== ==== ====== ===== ====

1 default Any 443 80 all(v2+v3) n n

2 sample 10.1.2.57 443 80 med(v2+v3) n n

Next, import the client CA certificate for Map ID 2.

HP SA7120> import client_ca 2

Import protocol: (paste, xmodem) [paste]:

<Enter>

Type or paste in data, end with ... alone on line

-----BEGIN CERTIFICATE-----

MIIDxzCCAzCgAwIBAgIBADANBgkqhkiG9w0BAQQFADCBpDEL

MAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExEjAQ

BgNVBAcTCVNhbiBEaWVnbzEUMBIGA1UE

.

.

.

XcCabZcfBRuYcZeUoNrGUl8tD80jp2YNG1vidgLEaD1YCli5

I9/mNrcB25mSfdAR

/08ROTMxm4VKOSA=

-----END CERTIFICATE-----<Enter>

...<Enter>