Version 5.3
Sourcefire 3D System eStreamer Integration Guide
Understanding the eStreamer Application Protocol
Understanding eStreamer Communication Stages
Chapter 2
Establishing an Authenticated Connection
Before a client can request data from eStreamer, the client must initiate an 
SSL-enabled TCP connection with the eStreamer service. When the client 
initiates the connection, the eStreamer server responds, initiating an SSL 
handshake with the client. As part of the SSL handshake, the eStreamer server 
requests the client’s authentication certificate, and verifies that the certificate is 
valid (signed by the Internal Certifying Authority [Internal CA] on the eStreamer 
server). 
IMPORTANT!
Sourcefire recommends that you also require your client to verify 
that the certificate presented by the eStreamer server has been signed by a 
trusted Certifying Authority. This is the Internal CA certificate included in the 
PKCS#12 file that Sourcefire provides when you register a new eStreamer client 
with the Defense Center or managed device. See page 407 for more information.
After the SSL session is established, the eStreamer server performs an additional 
post-connection verification of the certificate. This includes verifying that the 
client connection originates from the host specified in the certificate and that the 
subject name of the certificate contains the appropriate value. If either 
post-connection check fails, the eStreamer server closes the connection. If 
necessary, you can configure the eStreamer service so that it does not perform a 
client host name check (see 
information). 
While the client is not required to perform post-connection verification, Sourcefire 
recommends that the client perform this verification step. The authentication 
certificate contains the following field values in the subject name of the 
certificate:
Certificate Subject Name Fields
Field                 Value
title                 estreamer
generationQualifier   server
After the post-connection verification is finished, the eStreamer server awaits a 
data request from the client.
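The client-side checks described above (require the server certificate to chain to the Internal CA, present the client certificate for mutual authentication, and then inspect the subject name fields after the handshake) can be implemented with Python's standard ssl module. The following is an added example, not code from the guide or from Sourcefire; it assumes the PEM files named in build_client_context() have already been extracted from the PKCS#12 bundle (for instance with openssl pkcs12), that the host and port are whatever the eStreamer service listens on, and that OpenSSL decodes the two subject attributes under the names "title" and "generationQualifier", which is how getpeercert() reports them. The sample peer-certificate dictionary is constructed for illustration.

```python
import socket
import ssl

# Subject-name attributes the guide says the eStreamer server certificate carries.
EXPECTED_SUBJECT = {"title": "estreamer", "generationQualifier": "server"}


def build_client_context(ca_pem, client_cert_pem, client_key_pem=None):
    """Client TLS context: present our certificate (mutual authentication) and
    require the server certificate to chain to the Internal CA.

    The three path arguments are hypothetical; the PEM files are assumed to have
    been extracted from the PKCS#12 file Sourcefire provides for the client.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    # The eStreamer subject name carries no host name, so the generic host-name
    # match is disabled and replaced by the explicit subject check below.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_REQUIRED
    ctx.load_verify_locations(cafile=ca_pem)
    ctx.load_cert_chain(certfile=client_cert_pem, keyfile=client_key_pem)
    return ctx


def subject_fields(peercert):
    """Flatten the 'subject' entry of ssl.SSLSocket.getpeercert() output
    (a tuple of RDNs, each a tuple of (name, value) pairs) into a dict."""
    fields = {}
    for rdn in peercert.get("subject", ()):
        for name, value in rdn:
            fields[name] = value
    return fields


def verify_subject(peercert, expected=EXPECTED_SUBJECT):
    """Post-connection check: every expected attribute must be present with the
    expected value. Returns a list of mismatch descriptions; empty means pass."""
    fields = subject_fields(peercert)
    problems = []
    for name, want in expected.items():
        got = fields.get(name)
        if got != want:
            problems.append(f"{name}: expected {want!r}, got {got!r}")
    return problems


def connect_to_estreamer(host, port, ctx):
    """Open the TLS connection, then refuse to proceed if the server's subject
    name does not carry the eStreamer values. Returns the verified socket."""
    raw = socket.create_connection((host, port))
    tls = ctx.wrap_socket(raw, server_hostname=host)
    problems = verify_subject(tls.getpeercert())
    if problems:
        tls.close()
        raise ssl.CertificateError(
            "eStreamer server subject check failed: " + "; ".join(problems)
        )
    return tls


# Constructed sample shaped like getpeercert() output, for offline illustration.
SAMPLE_PEERCERT = {
    "subject": (
        (("title", "estreamer"),),
        (("generationQualifier", "server"),),
        (("commonName", "example-estreamer"),),
    ),
}

if __name__ == "__main__":
    print("sample subject problems:", verify_subject(SAMPLE_PEERCERT))
```

The certificate chain check is done by OpenSSL during the handshake because verify_mode is CERT_REQUIRED with only the Internal CA loaded; verify_subject() is the separate post-connection step the guide recommends, and a connection whose subject fields do not match is closed before any data request is sent.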