1214 CHAPTER 96: HTTPS CONFIGURATION
Associating the HTTPS
Service with an SSL
Server Policy
You need to associate the HTTPS service with a created SSL server policy before
enabling the HTTPS service.
Follow these steps to associate the HTTPS service with an SSL server policy:
n
■ If the ip https ssl-server-policy command is executed repeatedly, the HTTPS
service is only associated with the last specified SSL server policy.
■ When the HTTPS service is disabled, the association between the HTTPS service
and the SSL server is automatically removed. To enable it again, you need to
re-associate the HTTPS service with an SSL server policy.
■ When the HTTPS service is enabled, no modification of its associated SSL server
policy takes effect.
Enabling the HTTPS
Service
Before configuring the HTTPS, make sure that the HTTPS server is enabled.
Otherwise, other related configurations cannot take effect.
Follow these steps to enable the HTTPS service:
n
■ After the HTTPS service is enabled, you can use the display ip https command
to view the state of the HTTPS service and verify the configuration.
■ Enabling of the HTTPS service will trigger an SSL handshake negotiation
process. During the process, if the local certificate of the device already exists,
the SSL negotiation is successfully performed, and the HTTPS service can be
started normally. If no local certificate exists, a certificate application process
will be triggered by the SSL negotiation. Since the application process takes
much time, the SSL negotiation may fail and the HTTPS service cannot be
started normally. Therefore, the ip https enable command must be executed
for multiple times to ensure normal startup of the HTTPS service.
“Associating the HTTPS Service with an ACL” on page 1215 Optional
Configuration task Remarks
To do… Use the command… Remarks
Enter system view system-view -
Associate the HTTPS service
with an SSL server policy
ip https ssl-server-policy
policy-name
Required
Not associated by default
To do… Use the command… Remarks
Enter system view system-view -
Enable the HTTPS service ip https enable Required
Disabled by default.
To Next Page
Loading...
