User's Manual
Catalyst 6500 Series Switch Content Switching Module with SSL Command Reference
OL-7029-01
Chapter 3 Commands Specific to the Content Switching Module with SSL
ssl-proxy service
In most cases, all of the SSL-server-proxy configurations that are performed are also valid for the 
SSL-client-proxy configuration, except for the following:
• You must configure a certificate for the SSL-server-proxy but you do not have to configure a 
certificate for the SSL-client-proxy. If you configure a certificate for the SSL-client-proxy, that 
certificate is sent in response to the certificate request message that is sent by the server during the 
client-authentication phase of the handshake protocol.
• The SSL policy is attached to the virtual subcommand for the SSL-server-proxy, whereas it is attached to 
the server subcommand for the SSL-client-proxy.
Enter each proxy-service or proxy-client configuration submode command on its own line. 
Table 3-8 lists the commands that are available in proxy-service or proxy-client configuration submode.
Table 3-8 Proxy-service Configuration Submode Command Descriptions

Syntax
    Description

authenticate verify {all | signature-only}
    Configures the method for certificate verification. You can specify the following:
    • all—Verifies CRLs and signature authority.
    • signature-only—Verifies the signature only.

certificate rsa general-purpose trustpoint trustpoint-name
    Configures the certificate with RSA general-purpose keys and associates a trustpoint to the certificate.

default {certificate | inservice | nat | server | virtual}
    Sets a command to its default settings.

exit
    Exits from proxy-service or proxy-client configuration submode.

help
    Provides a description of the interactive help system.

inservice
    Declares a proxy server or client as administratively up.

nat {server | client natpool-name}
    Specifies the usage of either server NAT or client NAT for the server-side connection that is opened by the Content Switching Module with SSL.

policy urlrewrite policy-name
    Applies a URL rewrite policy to a proxy server.

server ipaddr ip-addr protocol protocol port portno [sslv2]
    Defines the IP address of the target server for the proxy server. You can also specify the port number and the transport protocol. The target IP address can be a virtual IP address of an SLB device or a real IP address of a web server. The sslv2 keyword specifies the server that is used for handling SSL version 2 traffic.

server policy tcp server-side-tcp-policy-name
    Applies a TCP policy to the server side of a proxy server. You can specify the port number and the transport protocol.

trusted-ca ca-pool-name
    Applies a trusted certificate authority configuration to a proxy server.

virtual {ipaddr ip-addr} {protocol protocol} {port portno} secondary
    Defines the virtual IP address of the virtual server to which the STE is proxying. You can also specify the port number and the transport protocol. The valid value for protocol is tcp; valid values for portno are from 1 to 65535. The secondary keyword (required) prevents the STE from replying to the ARP request coming to the virtual IP address.

virtual {policy ssl ssl-policy-name}
    Applies an SSL policy to the client side of a proxy server.

virtual {policy tcp client-side-tcp-policy-name}
    Applies a TCP policy to the client side of a proxy server.
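
The following Python audit is an added example, not part of the Cisco reference. It checks saved proxy-service blocks against the rules stated above: certificate required for a server proxy, required secondary keyword, portno range, sslv2 use, signature-only verification, and inservice. The `ssl-proxy service NAME [client]` header form, the service names, the addresses, and the finding messages are assumptions made for the example.

```python
import re

# Constructed sample, not from a real device. The "ssl-proxy service NAME [client]"
# header line is an assumed form for introducing each service block.
SAMPLE = """\
ssl-proxy service web-front
 virtual ipaddr 10.1.1.10 protocol tcp port 443
 server ipaddr 10.1.2.20 protocol tcp port 80 sslv2
 authenticate verify signature-only
 inservice
ssl-proxy service backend client
 virtual ipaddr 10.1.3.10 protocol tcp port 81 secondary
 server ipaddr 10.1.4.20 protocol tcp port 443
 authenticate verify all
"""

def parse_services(text):
    """Group submode lines under each 'ssl-proxy service' header."""
    services, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = re.match(r"ssl-proxy service (\S+)( client)?$", line)
        if m:
            current = {"name": m.group(1), "client": bool(m.group(2)), "lines": []}
            services.append(current)
        elif line and current is not None:
            current["lines"].append(line)
    return services

def audit(text):
    """Return (service, finding) pairs for the rules stated in Table 3-8."""
    findings = []
    for svc in parse_services(text):
        name, lines = svc["name"], svc["lines"]
        if not svc["client"] and not any(l.startswith("certificate rsa general-purpose trustpoint ") for l in lines):
            findings.append((name, "server proxy has no certificate"))
        for l in lines:
            if l.startswith("virtual ipaddr"):
                port = re.search(r"\bport (\d+)", l)
                if not port or not 1 <= int(port.group(1)) <= 65535:
                    findings.append((name, "virtual port missing or outside 1-65535"))
                if not l.endswith(" secondary"):
                    findings.append((name, "virtual is missing the required secondary keyword"))
            if l.startswith("server ipaddr") and l.endswith(" sslv2"):
                findings.append((name, "server handles SSL version 2 traffic"))
            if l == "authenticate verify signature-only":
                findings.append((name, "CRLs are not checked (signature-only)"))
        if "inservice" not in lines:
            findings.append((name, "service is not inservice"))
    return findings
```
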










