Cisco Headend Digital Broadband Delivery System
Chapter 7 DNCS Web Services Security
84
4034689 Rev A
Configure Client Authentication for the BOSS Web Service
Client authentication is optional for the DNCS BOSS web service. The BOSS web
service does not require client authentication by default.
service does not require client authentication by default.
When client authentication is required by an HTTP-S Server, the HTTP-S client must
provide a valid client certificate. When client authentication is optional for an HTTP-
S Server, the server requests a valid client certificate but the client is not required to
return one. If the client does return a certificate, it must be trusted by the server.
provide a valid client certificate. When client authentication is optional for an HTTP-
S Server, the server requests a valid client certificate but the client is not required to
return one. If the client does return a certificate, it must be trusted by the server.
Complete the following steps to define client authentication on the DNCS.
1 Is client authentication required for the BOSS web service?
1 Is client authentication required for the BOSS web service?
If yes, go to step 2.
If no, complete the following steps to disable client authentication.
a Use a text editor to open the /etc/apache2/user-
a Use a text editor to open the /etc/apache2/user-
conf/SAIdncs.bossreq.auth.conf file.
b Change “optional” to “none” in the SSLVerifyClient line.
Example:
SSLVerifyClient none
c Save and close the file.
d Type the following command and press Enter to verify that the file was
d Type the following command and press Enter to verify that the file was
updated successfully:
grep SSLVerifyClient /etc/apache2/user-
conf/SAIdncs.bossreq.auth.conf
conf/SAIdncs.bossreq.auth.conf
Result: Output should look similar to the following example:
SSLVerifyClient none
e Is the BOSS web service configured to operate on the same web instance
as the web UI?
If yes, complete the following steps to disable client authentication on
the single web instance:
1) Use a text editor to open the /etc/apache2/user-
conf/443.auth.conf file.
2) Change “optional” to “none” in the SSLVerifyClient optional line.
3)
1) Use a text editor to open the /etc/apache2/user-
conf/443.auth.conf file.
2) Change “optional” to “none” in the SSLVerifyClient optional line.
3)
Save and close the file.
If no, go to step f.
f Go to step 17.