Configuring an SSL Server Policy 1209
n
If you enable client authentication here, you must request a local certificate for the
client.
SSL Server Policy
Configuration Example
Network requirements
■ A switch works as the HTTPS server.
■ A host works as the client and accesses the HTTPS server through HTTP secured
with SSL.
■ A certificate authentication (CA) issues a certificate to the switch.
c
CAUTION: In this instance, Windows Server works as the CA and the Simple
Certificate Enrollment Protocol (SCEP) plug-in is installed on the CA.
Network diagram
Figure 358 Network diagram for SSL server policy configuration
Configuration procedure
1 Request a certificate for the switch
# Create a PKI entity named en and configure it.
<Sysname> system-view
[Sysname] pki entity en
[Sysname-pki-entity-en] common-name http-server1
[Sysname-pki-entity-en] fqdn ssl.security.com
[Sysname-pki-entity-en] quit
# Create a PKI domain and configure it.
[Sysname] pki domain 1
[Sysname-pki-domain-1] ca identifier ca1
[Sysname-pki-domain-1] certificate request url http://10.1.2.2/certsrv/mscep/mscep.dll
Set the maximum number
of cached sessions and the
caching timeout time
session { cachesize size |
timeout time } *
Optional
The defaults are as follows:
500 for the maximum number of
cached sessions,
3600 seconds for the caching
timeout time.
Enable certificate-based
SSL client authentication
client-verify enable Optional
Not enabled by default
To do… Use the command… Remarks
Vlan-int2
10.1.1.1/24
Vlan-int3
10.1.2.1/24
Host CA
10.1.1.2/24 10.1.2.2/24
Switch
To Next Page
Loading...
