347
Ste
Command
Remarks
1. Enter system view. system-view
N/A
2. Create an SSL server policy
and enter its view.
ssl server-policy policy-name N/A
3. Specify a PKI domain for the
SSL server policy.
pki-domain domain-name
Optional.
By default, no PKI domain is
specified for an SSL server policy.
The SSL server generates a
certificate itself instead of
requesting one from the CA.
After you specify a PKI domain, the
SSL server requests a certificate
through the PKI domain.
If the client requires
certificate-based authentication for
the SSL server, you must use this
command to specify a PKI domain.
For more information about PKI
domain configuration, see
"Configuring PKI."
4. Specify the cipher suites for
the SSL server policy to
support.
• In non-FIPS mode:
ciphersuite
[ rsa_3des_ede_cbc_sha |
rsa_aes_128_cbc_sha |
rsa_aes_256_cbc_sha |
rsa_des_cbc_sha |
rsa_rc4_128_md5 |
rsa_rc4_128_sha ] *
• In FIPS mode:
ciphersuite
[ rsa_aes_128_cbc_sha |
rsa_aes_256_cbc_sha ] *
Optional.
By default, an SSL server policy
supports all cipher suites.
5. Set the handshake timeout
time for the SSL server.
handshake timeout time
Optional.
3600 seconds by default.
6. Set the SSL connection close
mode.
close-mode wait
Optional.
By default, an SSL server sends a
close-notify alert message to the
client and closes the connection
without waiting for the close-notify
alert message from the client.
7. Set the maximum number of
cached sessions and the
caching timeout time.
session { cachesize size | timeout
time } *
Optional.
The defaults are as follows:
• 500 for the maximum number
of cached sessions.
• 3600 seconds for the caching
timeout time.
8. Enable the SSL server to
perform digital
certificate-based
authentication for SSL clients.
client-verify enable
Optional.
By default, the SSL server does not
require clients to be authenticated.
To Next Page
Loading...
Need help?
General