
SSL server policy configuration example, Network requirements, Configuration procedure – H3C Technologies H3C S3600 Series Switches User Manual


• If you enable client authentication here, you must request a local certificate for the client.

• Currently, SSL mainly comes in these versions: SSL 2.0, SSL 3.0, and TLS 1.0, where TLS 1.0 corresponds to SSL 3.1. When the device acts as an SSL server, it can communicate with clients running SSL 3.0 or TLS 1.0, and can identify Hello packets from clients running SSL 2.0. If a client running SSL 2.0 also supports SSL 3.0 or TLS 1.0 (information about supported versions is carried in the packet that the client sends to the server), the server will notify the client to use SSL 3.0 or TLS 1.0 to communicate with the server.
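The version handling described above can be checked against captured client traffic. The following Python sketch is an added example, not code from the manual or from H3C: it recognises both Hello framings and reports which version a server limited to SSL 3.0 and TLS 1.0 would answer with. The function names and sample packets are constructed for illustration, and returning no version for an SSL 2.0-only client is an assumption drawn from the manual listing only SSL 3.0 and TLS 1.0 as usable.

```python
import struct

# Versions the manual says the device speaks when it acts as an SSL server.
SERVER_VERSIONS = {(3, 0): "SSL 3.0", (3, 1): "TLS 1.0"}


def parse_client_hello(data: bytes):
    """Return (hello_format, (major, minor)) from the first bytes a client sends."""
    if len(data) >= 5 and data[0] & 0x80 and data[2] == 0x01:
        # SSL 2.0 framing: 2-byte header with the high bit set, msg type 1
        # (CLIENT-HELLO), then the highest version the client supports.
        return "sslv2-format", (data[3], data[4])
    if len(data) >= 11 and data[0] == 0x16 and data[5] == 0x01:
        # SSL 3.0/TLS framing: 5-byte record header (0x16 = handshake),
        # 4-byte handshake header (1 = ClientHello), then client_version.
        return "record-format", (data[9], data[10])
    raise ValueError("not a ClientHello")


def server_choice(data: bytes):
    """Version the server would answer with, or None if there is no overlap."""
    _, offered = parse_client_hello(data)
    # Highest server version not above the client's offer. An SSL 2.0-only
    # client (0, 2) gets None: assumed, since the manual lists no SSL 2.0 support.
    usable = [v for v in SERVER_VERSIONS if v <= offered]
    return SERVER_VERSIONS[max(usable)] if usable else None


def v2_hello(major, minor):
    """Constructed sample: SSL 2.0-format CLIENT-HELLO with one cipher spec."""
    body = bytes([1, major, minor]) + struct.pack(">HHH", 3, 0, 16)
    body += b"\x01\x00\x80" + bytes(16)  # cipher spec + 16-byte challenge
    return struct.pack(">H", 0x8000 | len(body)) + body


def v3_hello(major, minor):
    """Constructed sample: SSL 3.0/TLS record carrying a minimal ClientHello."""
    hs = bytes([major, minor]) + bytes(32) + b"\x00" + b"\x00\x02\x00\x0a" + b"\x01\x00"
    hs = b"\x01" + len(hs).to_bytes(3, "big") + hs
    return b"\x16\x03\x00" + struct.pack(">H", len(hs)) + hs


if __name__ == "__main__":
    samples = {"v2 hello, TLS 1.0 capable": v2_hello(3, 1),
               "v2 hello, SSL 2.0 only": v2_hello(0, 2),
               "TLS 1.0 hello": v3_hello(3, 1)}
    for name, pkt in samples.items():
        print(name, parse_client_hello(pkt), "->", server_choice(pkt))
```

Run over the first bytes of each client connection in a capture, this shows which clients still send SSL 2.0-format Hello packets and which of them could not negotiate a session with the device.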

SSL Server Policy Configuration Example

Network requirements

• The switch offers Web authentication to perform access authentication for clients.

• The client opens the authentication page in SSL-based HTTPS mode, thus guaranteeing information transmission security.

• A CA issues a certificate to Switch.

In this instance, Windows Server works as the CA and the Simple Certificate Enrollment Protocol (SCEP) plug-in is installed on the CA.

Figure 1-3 Network diagram for SSL server policy configuration

Configuration procedure

1) Request a certificate for Switch

# Create a PKI entity named en and configure it.

<Switch> system-view
[Switch] pki entity en
[Switch-pki-entity-en] common-name http-server1
[Switch-pki-entity-en] fqdn ssl.security.com
