```
[Authentication Policy Policy_1 Menu]
     name     - Set policy name
     validity - Certificate Validation Check Menu
     passinfo - Pass Certificate Information to Backend Servers Menu
     trustca  - Set trusted CA certificate
     adverca  - Set advertised client’s CA certificate
     cadepth  - Set maximum depth to search the trusted CA in the CA certif chain
     caverify - Set certificate's CA verification level
     failurl  - Set URL for redirection when authentication fails
     seract   - Set server authentication Action on certificate error
     type     - Set authentication policy type
     ena      - Enable policy
     dis      - Disable policy
     del      - Delete Policy
     cur      - Display current policy configuration
```

Command Syntax and Usage | |
---|---|
name | |
An optional descriptive name of the policy in addition to the policy ID. Maximum characters: 128 | |
validity | |
Displays the Certificate Validation Check menu. To view this menu, see /cfg/slb/ssl/authpol/validity Certificate Validation Check Menu. | |
passinfo | |
Displays the Pass Certificate Information to Backend Servers menu. To view this menu, see /cfg/slb/ssl/authpol/passinfo Pass Certificate Information to Backend Servers Menu. | |
trustca | |
Specifies one or more (group) Certificate Authority (CA) certificates that are trusted as issuers of regular (client/server) certificates. When authenticating a client certificate, Alteon sends a Certificate Request message in the SSL handshake. The message includes the common names of the CA certificates defined as trusted, unless a different advertisement list is configured (see the adverca command). The client should send a client certificate that can be validated by Alteon. When authenticating a server certificate, Alteon checks that the server certificate, or the Intermediate CA certificate that accompanies it, is signed by a CA configured as Trusted. This validation is very important when the server is external to the organization (outbound SSL traffic). Note: Trust CA configuration is mandatory. Default: cert For more information about importing client Trusted CA certificates to Alteon, see /cfg/slb/ssl/certs/trustca Trusted CA Certificate Menu. | |
adverca [cert|group|none|default] | |
Specifies the list of certificate authorities that should be included in the Certificate Request message, providing greater control over the configuration information shared with unknown clients. | |
cadepth <1 – 9> | |
Specifies the maximum number of certificates to be traversed in a certificate chain while attempting to validate the link between the certificate and the configured trusted CA. Default: 2 | |
caverify | |
Specifies whether and how strictly to verify that a client certificate is trusted. Default: require | |
failurl | |
Specifies the URL to which a client should be redirected when its authentication fails. | |
seract | |
Displays the Authentication Policy server certificate action menu. To view this menu, see /cfg/slb/ssl/authpol/seract Authentication Policy server certificate action Menu. | |
type client|server | |
Specifies whether this is a policy for authentication of clients (when Alteon plays the server role through front-end SSL), or for the authentication of servers (when Alteon plays the client role through back-end SSL). Default: client | |
ena | |
You must enable the authentication policy for it to take effect. For more information, see the authpol command under /cfg/slb/ssl/sslpol SSL Policy Menu. | |
dis | |
Disables this policy, making it non-operational. | |
del | |
Deletes this client authentication policy. | |
cur | |
Displays the current client authentication policy settings. |