Ssl server policy configuration example, Network requirements, Network diagram – H3C Technologies H3C WX6000 Series Access Controllers User Manual

66-3

To do...

Use the command...

Remarks

Configure the SSL connection
close mode

close-mode wait

Optional
Not wait by default

Set the maximum number of
cached sessions and the caching
timeout time

session

{ cachesize size |

timeout time

} *

Optional
The defaults are as follows:
500 for the maximum number of
cached sessions,
3600 seconds for the caching
timeout time.

Enable certificate-based SSL client
authentication

client-verify enable

Optional
Not enabled by default

If you enable client authentication here, you must request a local certificate for the client.

SSL Server Policy Configuration Example

Network requirements

z

An AC works as the HTTPS server.

z

A host works as the client and accesses the HTTPS server through HTTP secured with SSL.

z

A certificate authentication (CA) issues a certificate to the AC.

In this instance, Windows Server works as the CA and the Simple Certificate Enrollment Protocol
(SCEP) plug-in is installed on the CA.

Network diagram

Figure 66-2

Network diagram for SSL server policy configuration

Vlan-int2

10.1.1.1/24

Vlan-int3
10.1.2.1/24

Host

CA

10.1.1.2/24

10.1.2.2/24

AC