1210 CHAPTER 95: SSL CONFIGURATION
[Sysname-pki-domain-1] certificate request from ra
[Sysname-pki-domain-1] certificate request entity en
[Sysname-pki-domain-1] quit
# Create a local key pair through RSA.
[Sysname] public-key local create rsa
# Retrieve the CA certificate.
[Sysname] pki retrieval-certificate ca domain 1
# Request a local certificate.
[Sysname] pki request-certificate domain 1
2 Configure an SSL server policy
# Create an SSL server policy named myssl.
[Sysname] ssl server-policy myssl
# Specify the PKI domain for the SSL server policy as 1.
[Sysname-ssl-server-policy-myssl] pki-domain 1
# Enable client authentication.
[Sysname-ssl-server-policy-myssl] client-verify enable
[Sysname-ssl-server-policy-myssl] quit
3 Associate HTTPS service with the SSL server policy and enable HTTPS service
# Configure HTTPS service to use SSL server policy myssl.
[Sysname] ip https ssl-server-policy myssl
# Enable HTTPS service.
[Sysname] ip https enable
4 Verify your configuration
Launch IE on the host and enter https://10.1.1.1 in the address bar. You should be
able to log in to the switch and manage it.
n
■ For details about PKI configuration commands, refer to “PKI Configuration” on
page 1219.
■ For details about the public-key local create rsa command, refer to “SSH
Configuration” on page 1107.
Configuring an SSL
Client Policy
An SSL client policy is a set of SSL parameters for a client to use when connecting
to the server. An SSL client policy takes effect only after it is associated with an
application layer protocol.
To Next Page
Loading...
