Configuring an ssl client policy, Configuration prerequisites, Configuration procedure – H3C Technologies H3C WX3000E Series Wireless Switches User Manual

321

# Create an SSL server policy named myssl.

[AC] ssl server-policy myssl

# Specify the PKI domain for the SSL server policy as 1.

[AC-ssl-server-policy-myssl] pki-domain 1

# Enable client authentication.

[AC-ssl-server-policy-myssl] client-verify enable

[AC-ssl-server-policy-myssl] quit

3.

Associate HTTPS service with the SSL server policy and enable HTTPS service:
# Configure HTTPS service to use SSL server policy myssl.

[AC] ip https ssl-server-policy myssl

# Enable HTTPS service.

[AC] ip https enable

4.

Verify your configuration:
Launch IE on the client and enter https://10.1.1.1 in the address bar. You should be able to log
in to the AC and manage it.

NOTE:

For more information about PKI configuration commands and the public-key local create rsa command,
see

Security Command Reference.

Configuring an SSL client policy

An SSL client policy is a set of SSL parameters for a client to use when connecting to the server. An SSL
client policy takes effect only after it is associated with an application layer protocol.

Configuration prerequisites

If the SSL server is configured to authenticate the SSL client, you must configure the PKI domain for the SSL
client policy to use to obtain the certificate of the client. For more information about PKI domain

configuration, see "Configuring PKI."

Configuration procedure

To configure an SSL client policy:

Step Command

Remarks

1.

Enter system view.

system-view

N/A

2.

Create an SSL client policy

and enter its view.

ssl client-policy policy-name

N/A