Ssl server policy configuration example, Network requirements, Configuration procedure – H3C Technologies H3C WX3000E Series Wireless Switches User Manual

320

SSL server policy configuration example

Network requirements

Configure the AC to operate as an HTTP Security (HTTPS) server so that the client accesses the HTTPS

server through HTTPS. Configure a CA server to issue certificates.

NOTE:
•

In this example, Windows Server operates as the CA server and the Simple Certificate Enrollment
Protocol (SCEP) plug-in is installed on the CA server.

•

Before performing the following configurations, make sure that the device, the host, and the CA server
can reach each other.

Figure 139 Network diagram

Configuration procedure

1.

Request a certificate for the AC:
# Create a PKI entity named en and configure it.

system-view

[AC] pki entity en

[AC-pki-entity-en] common-name http-server1

[AC-pki-entity-en] fqdn ssl.security.com

[AC-pki-entity-en] quit

# Create a PKI domain and configure it.

[AC] pki domain 1

[AC-pki-domain-1] ca identifier ca1

[AC-pki-domain-1] certificate request url http://10.1.2.2/certsrv/mscep/ mscep.dll

[AC-pki-domain-1] certificate request from ra

[AC-pki-domain-1] certificate request entity en

[AC-pki-domain-1] quit

# Create the local RSA key pairs.

[AC] public-key local create rsa

# Retrieve the CA certificate.

[AC] pki retrieval-certificate ca domain 1

# Request a local certificate.

[AC] pki request-certificate domain 1

2.

Configure an SSL server policy:

IP network

AC

CA

10.1.2.2/24

AP

Client

10.1.1.2/24

Vlan-int2

10.1.1.1/24

Vlan-int3
10.1.2.1/24