Cisco Firepower Management Center 2000 Developer Guide
Version 5.3
Sourcefire 3D System eStreamer Integration Guide
Chapter 2: Understanding the eStreamer Application Protocol
Understanding eStreamer Communication Stages
Establishing an Authenticated Connection
Before a client can request data from eStreamer, the client must initiate an SSL-enabled TCP connection with the eStreamer service. When the client initiates the connection, the eStreamer server responds, initiating an SSL handshake with the client. As part of the SSL handshake, the eStreamer server requests the client's authentication certificate, and verifies that the certificate is valid (signed by the Internal Certifying Authority [Internal CA] on the eStreamer server).
IMPORTANT! Sourcefire recommends that you also require your client to verify that the certificate presented by the eStreamer server has been signed by a trusted Certifying Authority. This is the Internal CA certificate included in the PKCS#12 file that Sourcefire provides when you register a new eStreamer client with the Defense Center or managed device. See on page 407 for more information.
After the SSL session is established, the eStreamer server performs an additional post-connection verification of the certificate. This includes verifying that the client connection originates from the host specified in the certificate and that the subject name of the certificate contains the appropriate value. If either post-connection check fails, the eStreamer server closes the connection. If necessary, you can configure the eStreamer service so that it does not perform a client host name check (see on page 413 for more information).
While the client is not required to perform post-connection verification, Sourcefire recommends that the client perform this verification step. The authentication certificate contains the following field values in the subject name of the certificate:

Certificate Subject Name Fields
FIELD                 VALUE
title                 estreamer
generationQualifier   server

After the post-connection verification is finished, the eStreamer server awaits a data request from the client.
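The client-side checks recommended above (trust only the Internal CA, present the client certificate, then confirm the server certificate's subject fields after the handshake), as an added example using only the Python standard library; it is not code from the guide or from Sourcefire. It assumes the PKCS#12 bundle has already been split into PEM files with the openssl tool, and the helper names are hypothetical.

```python
# Added example (not from the eStreamer guide): client-side certificate checks
# for an eStreamer connection, Python standard library only. Assumes the
# PKCS#12 bundle from the Defense Center was split into PEM files beforehand
# (client cert + key, Internal CA cert), e.g. with openssl pkcs12.
import socket
import ssl

# Subject-name values the guide lists for the eStreamer server certificate.
REQUIRED_SUBJECT = {"title": "estreamer", "generationQualifier": "server"}


def subject_fields(cert):
    """Flatten the 'subject' entry of ssl.SSLSocket.getpeercert() (a tuple of
    RDNs, each a tuple of (name, value) pairs) into a plain dict."""
    fields = {}
    for rdn in cert.get("subject", ()):
        for key, value in rdn:
            fields[key] = value
    return fields


def verify_estreamer_subject(cert):
    """Post-connection check: every required subject field must match exactly.
    Returns a list of problems; an empty list means the certificate passed."""
    fields = subject_fields(cert)
    problems = []
    for key, expected in REQUIRED_SUBJECT.items():
        actual = fields.get(key)
        if actual != expected:
            problems.append(f"{key}: expected {expected!r}, got {actual!r}")
    return problems


def build_client_context(ca_pem, client_cert_pem, client_key_pem):
    """TLS context that presents the client certificate and trusts only the
    Internal CA; chain and hostname are verified during the handshake."""
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH, cafile=ca_pem)
    ctx.load_cert_chain(certfile=client_cert_pem, keyfile=client_key_pem)
    ctx.verify_mode = ssl.CERT_REQUIRED  # explicit, even though it is the default
    return ctx


def connect_estreamer(host, port, ctx, timeout=10.0):
    """Open the SSL-enabled TCP connection, then run the post-connection
    subject check and drop the session if it fails (hypothetical helper)."""
    raw = socket.create_connection((host, port), timeout=timeout)
    tls = ctx.wrap_socket(raw, server_hostname=host)
    problems = verify_estreamer_subject(tls.getpeercert())
    if problems:
        tls.close()
        raise ssl.CertificateError("; ".join(problems))
    return tls
```

The subject check runs on the dict returned by getpeercert(), so it can be unit-tested with a constructed certificate dict without a live Defense Center.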