3Com 4210G Series

To Next Page

To Previous Page

15-5

Figure 15-1 Network diagram for HTTPS configuration

Configuration procedure

Perform the following configurations on Device:

1) Apply for a certificate for Device

# Configure a PKI entity.

<Device> system-view

[Device] pki entity en

[Device-pki-entity-en] common-name http-server1

[Device-pki-entity-en] fqdn ssl.security.com

[Device-pki-entity-en] quit

# Configure a PKI domain.

[Device] pki domain 1

[Device-pki-domain-1] ca identifier new-ca

[Device-pki-domain-1] certificate request url http://10.1.2.2:8080/certsrv/mscep/mscep.dll

[Device-pki-domain-1] certificate request from ra

[Device-pki-domain-1] certificate request entity en

[Device-pki-domain-1] quit

# Generate a local RSA key pair.

[Device] public-key local create rsa

# Obtain a server certificate from CA.

[Device] pki retrieval-certificate ca domain 1

# Apply for a local certificate.

[Device] pki request-certificate domain 1

2) Configure an SSL server policy associated with the HTTPS service

# Configure an SSL server policy.

[Device] ssl server-policy myssl

[Device-ssl-server-policy-myssl] pki-domain 1

[Device-ssl-server-policy-myssl] client-verify enable

[Device-ssl-server-policy-myssl] quit

3) Configure a certificate access control policy

# Configure a certificate attribute group.

[Device] pki certificate attribute-group mygroup1

[Device-pki-cert-attribute-group-mygroup1] attribute 1 issuer-name dn ctn new-ca

[Device-pki-cert-attribute-group-mygroup1] quit

3Com 4210G Series - Page 943