Cisco Headend Digital Broadband Delivery System
![Cisco](https://files.manualsbrain.com/attachments/7380d0050044647c30f5c24bbbf5d0c0b6d9bb84/common/fit/150/50/faa183d287233c52228cfea3dbc2a127fe780f60564fcb0955d9c3d1cd23/brand_logo.png)
Chapter 7 DNCS Web Services Security
120
4034689 Rev A
Configure Client Authentication for the BOSS Web Service
Client authentication is optional for the DNCS BOSS web service. The BOSS web
service does not require client authentication by default. When client authentication
is required by an HTTP-S Server, the HTTP-S client must provide a valid client
certificate.
service does not require client authentication by default. When client authentication
is required by an HTTP-S Server, the HTTP-S client must provide a valid client
certificate.
When client authentication is optional for an HTTP-S Server, the server requests a
valid client certificate but the client is not required to return one. If the client does
return a certificate, it must be trusted by the server.
valid client certificate but the client is not required to return one. If the client does
return a certificate, it must be trusted by the server.
Complete the following steps to define client authentication on the DNCS.
1 Is client authentication required for the BOSS web service?
1 Is client authentication required for the BOSS web service?
If yes, go to step 2.
If no, complete the following steps to disable client authentication.
a Use a text editor to open the /etc/apache2/user-
conf/SAIdncs.bossreq.auth.conf file.
b Change “optional” to “none” in the SSLVerifyClient line.
Example:
SSLVerifyClient none
c Save and close the file.
d Type the following command and press Enter to verify that the file was
d Type the following command and press Enter to verify that the file was
updated successfully:
grep SSLVerifyClient /etc/apache2/user-
conf/SAIdncs.bossreq.auth.conf
conf/SAIdncs.bossreq.auth.conf
Result: Output should look similar to the following example:
SSLVerifyClient none
e Is the BOSS web service configured to operate on the same web instance as
the web UI?
– If yes, complete the following steps to disable client authentication on the
single web instance:
i Use a text editor to open the /etc/apache2/user-conf/443.auth.conf file.
ii Change “optional” to “none” in the SSLVerifyClient optional line.
ii Change “optional” to “none” in the SSLVerifyClient optional line.
Example:
SSLVerifyClient none
iii Save and close the file.
– If no, go to step f.
– If no, go to step f.
f Go to step 17.
2 Complete the following steps to concatenate the DNCS client private key and
client certificate into the bossclient.key file.