Configuration prerequisites, Configuration procedure – H3C Technologies H3C S3600 Series Switches User Manual
Page 1190
1-3
Configuration Prerequisites
When configuring an SSL server policy, you need to specify the PKI domain to be used for obtaining the
server side certificate. Therefore, before configuring an SSL server policy, you must configure a PKI
domain.
Configuration Procedure
Follow these steps to configure an SSL server policy:
To do...
Use the command...
Remarks
Enter system view
system-view
—
Create an SSL server policy
and enter its view
ssl server-policy policy-name
Required
Specify a PKI domain for the
SSL server policy
pki-domain domain-name
Required
By default, no PKI domain is
specified for an SSL server
policy.
Specify the cipher suite(s) for
the SSL server policy to
support
ciphersuite
[ rsa_3des_ede_cbc_sha |
rsa_aes_128_cbc_sha |
rsa_aes_256_cbc_sha |
rsa_des_cbc_sha |
rsa_rc4_128_md5 |
rsa_rc4_128_sha ] *
Optional
By default, an SSL server
policy supports all cipher
suites.
Set the handshake timeout time
for the SSL server
handshake timeout time
Optional
3,600 seconds by default
Configure the SSL connection
close mode
close-mode wait
Optional
Not wait by default
Set the maximum number of
cached sessions and the
caching timeout time
session { cachesize size |
timeout time } *
Optional
The defaults are as follows:
500 for the maximum number
of cached sessions,
3600 seconds for the caching
timeout time.
Enable certificate-based SSL
client authentication
client-verify enable
Optional
Not enabled by default