Configuring an ssl client policy, Configuration prerequisites, Configuration procedure – H3C Technologies H3C S3600 Series Switches User Manual
Page 1193
1-6
# Configure the system to strip domain name off a user name before transmitting the user name to the
RADIUS server.
[Sysname-radius-radius1] user-name-format without-domain
[Sysname-radius-radius1] quit
# Create ISP domain aabbcc.net for Web authentication users and enter the domain view.
[Sysname] domain aabbcc.net
# Configure domain aabbcc.net as the default user domain.
[Sysname] domain default enable aabbcc.net
# Reference scheme radius1 in domain aabbcc.net.
[Sysname-isp-aabbcc.net] scheme radius-scheme radius1
# Enable Web authentication globally. (It is recommended to take this step as the last step, so as to
avoid the case that a valid user cannot access the network due to that some other related configurations
are not finished.)
[Sysname] web-authentication enable
Now, Web authentication takes effect. Before the user passes the Web authentication, it cannot access
external networks and can only access the free resource.
The user can perform the following steps to access the Internet:
Step 1: Enter http://10.10.10.10:8080 in the address column of IE.
Step 2: Enter the correct user name and password and then click [login]. The following page will be
displayed: ”Authentication passed!”.
Now the user can access external networks.
Configuring an SSL Client Policy
An SSL client policy is a set of SSL parameters for a client to use when connecting to the server. An SSL
client policy takes effect only after it is associated with an application layer protocol.
Configuration Prerequisites
If the SSL server is configured to authenticate the SSL client, when configuring the SSL client policy,
you need to specify the PKI domain to be used for obtaining the certificate of the client. Therefore,
before configuring an SSL client policy, you must configure a PKI domain.
Configuration Procedure
Follow these steps to configure an SSL client policy:
To do…
Use the command…
Remarks
Enter system view
system-view
—
Create an SSL client policy and
enter its view
ssl client-policy policy-name
Required
Specify a PKI domain for the
SSL client policy
pki-domain domain-name
Optional
No PKI domain is configured by
default.