283
To do... Use the command...
Remarks
Set the SSL connection close mode close-mode wait
Optional
Not wait by default
Set the maximum number of
cached sessions and the caching
timeout time
session { cachesize size | timeout
time } *
Optional
The defaults are as follows:
• 500 for the maximum number
of cached sessions,
• 3600 seconds for the caching
timeout time.
Enable certificate-based SSL client
authentication
client-verify enable
Optional
Not enabled by default
NOTE:
• If you enable client authentication here, you must request a local certificate for the client.
• SSL mainly comes in these versions: SSL 2.0, SSL 3.0, and TLS 1.0, where TLS 1.0 corresponds to SSL 3.1.
When the device acts as an SSL server, it can communicate with clients runnin
SSL 3.0 or TLS 1.0, and
can identify Hello packets from clients running SSL 2.0. If a client runnin
SSL 2.0 also supports SSL 3.0
or TLS 1.0 (information about supported versions is carried in the packet that the client sends to the
server), the server will notify the client to use SSL 3.0 or TLS 1.0 to communicate with the server.
SSL server policy configuration example
Network requirements
As shown in Figure 103, users can access and control the device through web pages. For security of the
device, users must use HTTPS (HTTP Security, which uses SSL) to log in to the web interface of the device
and use SSL for identity authentication to ensure that data will not be eavesdropped or tampered with.
To achieve the goal, perform the following configurations:
• Configure Device to work as the HTTPS server and request a certificate for Device.
• Request a certificate for Host so that Device can authenticate the identity of Host.
• Configure a CA server to issue certificates to Device and Host.
NOTE:
• In this example, Windows Server works as the CA server and the Simple Certificate Enrollment Protocol
(SCEP) plug-in is installed on the CA server.
• Before performing the following configurations, ensure that the device, the host, and the CA server can
reach each other.
To Next Page
Loading...
Need help?
General