Cisco Headend Digital Broadband Delivery System

Chapter 7    DNCS Web Services Security 
 
 
 
4034689 Rev A 
Configure Client Authentication for the BOSS Web Service 
Client authentication is optional for the DNCS BOSS web service. The BOSS web 
service does not require client authentication by default.  
When client authentication is required by an HTTP-S Server, the HTTP-S client must
provide a valid client certificate. When client authentication is optional for an
HTTP-S Server, the server requests a valid client certificate but the client is not
required to return one. If the client does return a certificate, it must be trusted
by the server.
Complete the following steps to define client authentication on the DNCS. 
1  Is client authentication required for the BOSS web service?
   If yes, go to step 2.
   If no, complete the following steps to disable client authentication.
   a  Use a text editor to open the /etc/apache2/user-conf/SAIdncs.bossreq.auth.conf file.
   b  Change “optional” to “none” in the SSLVerifyClient line.
      Example:
      SSLVerifyClient none
   c  Save and close the file.
   d  Type the following command and press Enter to verify that the file was updated successfully:
      grep SSLVerifyClient /etc/apache2/user-conf/SAIdncs.bossreq.auth.conf
      Result: Output should look similar to the following example:
      SSLVerifyClient none
   e  Is the BOSS web service configured to operate on the same web instance as the web UI?
      If yes, complete the following steps to disable client authentication on the single web instance:
      1)  Use a text editor to open the /etc/apache2/user-conf/443.auth.conf file.
      2)  Change “optional” to “none” in the SSLVerifyClient optional line.
      3)  Save and close the file.
      If no, go to step f.
   f  Go to step 17.
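
A stricter version of the check in step d, as an added example that is not part of the Cisco guide: a plain grep also prints commented-out SSLVerifyClient lines, so this script reads only active lines and confirms that every one is set to none. The function names and the sample file are constructed for illustration, and a file with no active SSLVerifyClient line is treated as unconfirmed.

```shell
#!/bin/sh
# Added example (not from the Cisco guide); function names are hypothetical.

# active_verify_values FILE
# Prints the value of every active (uncommented) SSLVerifyClient line,
# lowercased, one per line. The directive name is matched case-insensitively.
active_verify_values() {
    awk '
        { sub(/\r$/, "") }                 # tolerate CRLF line endings
        /^[ \t]*#/ { next }                # skip commented-out lines
        tolower($1) == "sslverifyclient" { print tolower($2) }
    ' "$1"
}

# client_auth_disabled FILE
# Succeeds only if the file is readable, has at least one active
# SSLVerifyClient line, and every such line is set to "none".
client_auth_disabled() {
    [ -r "$1" ] || return 2
    values=$(active_verify_values "$1")
    [ -n "$values" ] || return 1
    [ -z "$(printf '%s\n' "$values" | grep -v '^none$')" ]
}

# write_sample FILE VALUE
# Writes a constructed conf file: the old setting kept as a comment,
# followed by one active line with the given value.
write_sample() {
    printf '%s\n' '# SSLVerifyClient optional' "    SSLVerifyClient $2" > "$1"
}

# Constructed demonstration; on a DNCS the argument would be one of the
# two conf files named in the steps above.
if [ "${1:-}" = "--demo" ]; then
    tmp=$(mktemp) && write_sample "$tmp" none
    client_auth_disabled "$tmp" && echo "client authentication disabled"
    rm -f "$tmp"
fi
```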