# Enable client authentication.
[Device-ssl-server-policy-myssl] client-verify enable
[Device-ssl-server-policy-myssl] quit
# Configure the HTTPS service to use SSL server policy myssl.
[Device] ip https ssl-server-policy myssl
# Enable the HTTPS service.
[Device] ip https enable
# Create a local user named usera, and set the password to 123 and service type to web.
[Device] local-user usera
[Device-luser-usera] password simple 123
[Device-luser-usera] service-type web
2. Configure the HTTPS client on Host:
On Host, launch IE, enter http://10.1.2.2/certsrv in the address bar, and request a certificate
for Host as prompted.
Verifying the configuration:
Perform the following tasks on the Host:
1. Launch IE and enter https://10.1.1.1 in the address bar.
2. Select the certificate issued by the CA server.
The Web interface of the device appears.
3. Enter username usera and password 123.
Verify that you can now log in to the Web interface to access and manage the device.
For more information about configuring PKI commands, see "Configuring PKI." For more information
about the public-key local create rsa command, see HPE FlexNetwork MSR Router Series
Comware 5 Security Command Reference. For more information about HTTPS, see HPE
FlexNetwork MSR Router Series Comware 5 Fundamentals Configuration Guide.
In FIPS mode, only TLS 1.0 is supported.
Troubleshooting SSL
SSL handshake failure
Symptom
As the SSL server, the device fails to handshake with the SSL client.
Analysis
SSL handshake failure might result from the following causes:
• The SSL client is configured to authenticate the SSL server, but the SSL server has no
certificate or the certificate is not trusted.
• The SSL server is configured to authenticate the SSL client, but the SSL client has no certificate
or the certificate is not trusted.
• The server and the client have no matching cipher suite.
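The following Python probe is an added example, not taken from the HPE guide: run from Host, it attempts one handshake with the device and maps the client-side error to the causes listed above. The function names, labels, and file-path parameters are assumptions of this example; the matched strings are OpenSSL reason codes as reported by Python's ssl module.

```python
import socket
import ssl

# Labels for the causes listed above (wording is this example's, not the guide's).
SERVER_CERT = "server certificate missing or not trusted by the client"
CLIENT_CERT = "client certificate missing or not trusted by the server"
NO_MATCH = "no cipher suite or protocol version in common"
GENERIC = "generic handshake_failure alert: no shared cipher suite, or no client certificate sent"
UNKNOWN = "handshake failed for another reason"

# Alerts the server sends when it rejects the client's certificate.
CLIENT_CERT_ALERTS = ("ALERT_BAD_CERTIFICATE", "ALERT_UNKNOWN_CA",
                      "ALERT_CERTIFICATE_UNKNOWN", "ALERT_CERTIFICATE_EXPIRED",
                      "ALERT_CERTIFICATE_REVOKED", "ALERT_CERTIFICATE_REQUIRED")
# Errors raised when the two sides cannot agree on parameters.
NO_MATCH_ERRORS = ("NO_SHARED_CIPHER", "NO_CIPHERS_AVAILABLE", "UNSUPPORTED_PROTOCOL",
                   "ALERT_PROTOCOL_VERSION", "ALERT_INSUFFICIENT_SECURITY")


def classify(exc):
    """Map an ssl.SSLError seen on the client to one of the labels above."""
    text = str(exc).upper()
    if isinstance(exc, ssl.SSLCertVerificationError) or "CERTIFICATE_VERIFY_FAILED" in text:
        return SERVER_CERT
    if any(code in text for code in CLIENT_CERT_ALERTS):
        return CLIENT_CERT
    if any(code in text for code in NO_MATCH_ERRORS):
        return NO_MATCH
    if "ALERT_HANDSHAKE_FAILURE" in text:
        # TLS 1.0-1.2 servers use this alert for several conditions, so report both.
        return GENERIC
    return UNKNOWN


def probe(host, port=443, ca_file=None, cert_file=None, key_file=None, timeout=5):
    """Attempt one handshake; return None on success, else the likely cause."""
    ctx = ssl.create_default_context(cafile=ca_file)
    # The guide addresses the device by IP, so only chain trust is checked here.
    ctx.check_hostname = False
    if cert_file:
        ctx.load_cert_chain(cert_file, key_file)  # certificate requested for Host
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw):
                return None
    except ssl.SSLError as exc:
        return classify(exc)
```

A client whose TLS library no longer offers TLS 1.0 falls under the third cause when the device runs in FIPS mode, because only TLS 1.0 is supported there.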
Solution
1. Issue the debugging ssl command and view the debugging information to locate the problem:
○ If the SSL client is configured to authenticate the SSL server but the SSL server has no
certificate, request one for it.