1216 CHAPTER 96: HTTPS CONFIGURATION
■ Host accesses Switch through Web to control Switch.
■ CA (Certificate Authority) issues a certificate to Switch. The common name of
the CA is new-ca.
CAUTION: In this configuration example, Windows Server serves as the CA, and you
need to install the Simple Certificate Enrollment Protocol (SCEP) component.
Network diagram
Figure 359 Network diagram for HTTPS configuration
Configuration procedure
Perform the following configurations on Switch:
1 Apply for a certificate for Switch
# Configure a PKI entity.
<Switch> system-view
[Switch] pki entity en
[Switch-pki-entity-en] common-name http-server1
[Switch-pki-entity-en] fqdn ssl.security.com
[Switch-pki-entity-en] quit
# Configure a PKI domain.
[Switch] pki domain 1
[Switch-pki-domain-1] ca identifier ca1
[Switch-pki-domain-1] certificate request url http://10.1.2.2:8080/certsrv/mscep/mscep.dll
[Switch-pki-domain-1] certificate request from ra
[Switch-pki-domain-1] certificate request entity en
[Switch-pki-domain-1] quit
# Generate a key pair locally by using the RSA algorithm.
[Switch] public-key local create rsa
# Obtain a server certificate from CA.
[Switch] pki retrieval-certificate ca domain 1
# Apply for a local certificate.
[Switch] pki request-certificate domain 1
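The following check is an added example, not part of the original manual. It replays the step 1 commands and confirms that each PKI domain carries the four settings shown, references an entity that has a common name, and that the key pair and CA certificate steps come before the certificate request, in the order given above. The prompt pattern and the audit function are assumptions of this example; the transcript is constructed from the commands on this page.

```python
import re

# Constructed sample: the step 1 commands exactly as listed on this page.
TRANSCRIPT = """\
[Switch] pki entity en
[Switch-pki-entity-en] common-name http-server1
[Switch-pki-entity-en] fqdn ssl.security.com
[Switch-pki-entity-en] quit
[Switch] pki domain 1
[Switch-pki-domain-1] ca identifier ca1
[Switch-pki-domain-1] certificate request url http://10.1.2.2:8080/certsrv/mscep/mscep.dll
[Switch-pki-domain-1] certificate request from ra
[Switch-pki-domain-1] certificate request entity en
[Switch-pki-domain-1] quit
[Switch] public-key local create rsa
[Switch] pki retrieval-certificate ca domain 1
[Switch] pki request-certificate domain 1
"""

# Hypothetical prompt parser: captures the view (entity/domain), its name, and the command.
PROMPT = re.compile(r"^[\[<]Switch(?:-pki-(entity|domain)-(\S+?))?[\]>]\s*(.+)$")
REQUIRED = ("ca identifier", "certificate request url",
            "certificate request from", "certificate request entity")

def audit(transcript):
    """Return a list of problems found in a PKI enrollment transcript."""
    views, problems = {}, []
    for m in filter(None, map(PROMPT.match, transcript.splitlines())):
        view, name, cmd = m.groups()
        views.setdefault((view, name), []).append(cmd)
    actions = views.get((None, None), [])  # system-view commands, in order
    for (view, dom), cmds in views.items():
        if view != "domain":
            continue
        opts = {k: c[len(k):].strip() for k in REQUIRED for c in cmds if c.startswith(k)}
        problems += [f"domain {dom}: missing '{k}'" for k in REQUIRED if k not in opts]
        ent = opts.get("certificate request entity")
        if ent and not any(c.startswith("common-name ") for c in views.get(("entity", ent), [])):
            problems.append(f"domain {dom}: entity '{ent}' is undefined or has no common-name")
        request = f"pki request-certificate domain {dom}"
        if request in actions:
            before = actions[:actions.index(request)]
            for need in ("public-key local create rsa",
                         f"pki retrieval-certificate ca domain {dom}"):
                if need not in before:
                    problems.append(f"domain {dom}: '{need}' must precede the request")
    return problems
```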
[Figure 359 labels: Host (10.1.1.2/24) connects to Switch Vlan-int2 (10.1.1.1/24); CA (10.1.2.2/24) connects to Switch Vlan-int3 (10.1.2.1/24)]