Displaying and maintaining https, Https configuration example, Network requirements – H3C Technologies H3C S3600 Series Switches User Manual

1-4

HTTPS Configuration Example

Network requirements

z

Host acts as the HTTPS client and Device acts as the HTTPS server.

z

Host accesses Device through Web to control Device.

z

CA (Certificate Authority) issues certificate to Device. The common name of CA is new-ca.

In this configuration example, Windows Server serves as CA and you need to install Simple Certificate

Enrollment Protocol (SCEP) component.

Figure 1-1 Network diagram for HTTPS configuration

Configuration procedure

Perform the following configurations on Device:

1) Apply for a certificate for Device

# Configure a PKI entity.

system-view

[Device] pki entity en

[Device-pki-entity-en] common-name http-server1

[Device-pki-entity-en] fqdn ssl.security.com

[Device-pki-entity-en] quit

# Configure a PKI domain.

[Device] pki domain 1

[Device-pki-domain-1] ca identifier new-ca

[Device-pki-domain-1] certificate request url http://10.1.2.2:8080/certsrv/mscep/mscep.dll

[Device-pki-domain-1] certificate request from ra

[Device-pki-domain-1] certificate request entity en

[Device-pki-domain-1] quit

# Generate a local RSA key pair.

[Device] public-key local create rsa

# Obtain a server certificate from CA.