722
SSL commands
The device supports the FIPS mode that complies with NIST FIPS 140-2 requirements. Support for
features, commands, and parameters might differ in FIPS mode and non-FIPS mode. For more
information about FIPS mode, see Security Configuration Guide.
The following matrix shows the feature and hardware compatibility:
MSR810/810-W/810-W-DB/810-LM/810-W-LM/810-10-PoE/810-LM-HK/8
10-W-LM-HK/810-LMS/810-LUS
Yes
MSR2600-10-X1 Yes
MSR 2630 Yes
MSR3600-28/3600-51 Yes
MSR3600-28-SI/3600-51-SI No
MSR3610-X1/3610-X1-DP/3610-X1-DC/3610-X1-DP-DC Yes
MSR 3610/3620/3620-DP/3640/3660 Yes
MSR5620/5660/5680 Yes
certificate-chain-sending enable
Use certificate-chain-sending enable to enable the SSL server to send the complete certificate
chain to the client during SSL negotiation.
Use undo certificate-chain-sending enable to restore the default.
Syntax
certificate-chain-sending enable
undo certificate-chain-sending enable
Default
During SSL negotiation, the SSL server sends the server certificate rather than the complete
certificate chain to the client.
Views
SSL server policy view
Predefined user roles
network-admin
Usage guidelines
This feature causes additional overheads in the SSL negotiation process. Enable it only when the
SSL client do not have the complete certificate chain to verify the server certificate.
Examples
<Sysname> system-view
[Sysname] ssl server-policy policy1
[Sysname-ssl-server-policy-policy1] certificate-chain-sending enable
To Next Page
Loading...
Need help?
General
