1-4
HTTPS Configuration Example
Network requirements
z Host acts as the HTTPS client and Device acts as the HTTPS server.
z Host accesses Device through Web to control Device.
z CA (Certificate Authority) issues certificate to Device. The common name of CA is new-ca.
In this configuration example, Windows Server serves as CA and you need to install Simple Certificate
Enrollment Protocol (SCEP) component.
Figure 1-1 Network diagram for HTTPS configuration
Configuration procedure
Perform the following configurations on Device:
1) Apply for a certificate for Device
# Configure a PKI entity.
<Device> system-view
[Device] pki entity en
[Device-pki-entity-en] common-name http-server1
[Device-pki-entity-en] fqdn ssl.security.com
[Device-pki-entity-en] quit
# Configure a PKI domain.
[Device] pki domain 1
[Device-pki-domain-1] ca identifier new-ca
[Device-pki-domain-1] certificate request url http://10.1.2.2:8080/certsrv/mscep/mscep.dll
[Device-pki-domain-1] certificate request from ra
[Device-pki-domain-1] certificate request entity en
[Device-pki-domain-1] quit
# Generate a local RSA key pair.
[Device] public-key local create rsa
# Obtain a server certificate from CA.
To Next Page
Loading...