Configuration procedure – H3C Technologies H3C WX6000 Series Access Controllers User Manual

Configuration procedure

1) Request a certificate for the AC

# Create a PKI entity named en and configure it.

<Sysname> system-view

[Sysname] pki entity en

[Sysname-pki-entity-en] common-name http-server1

[Sysname-pki-entity-en] fqdn ssl.security.com

[Sysname-pki-entity-en] quit

# Create a PKI domain and configure it.

[Sysname] pki domain 1

[Sysname-pki-domain-1] ca identifier ca1

[Sysname-pki-domain-1] certificate request url http://10.1.2.2/certsrv/mscep/mscep.dll

[Sysname-pki-domain-1] certificate request from ra

[Sysname-pki-domain-1] certificate request entity en

[Sysname-pki-domain-1] quit

# Create a local key pair through RSA.

[Sysname] public-key local create rsa

# Retrieve the CA certificate.

[Sysname] pki retrieval-certificate ca domain 1

# Request a local certificate.

[Sysname] pki request-certificate domain 1

2) Configure an SSL server policy

# Create an SSL server policy named myssl.

[Sysname] ssl server-policy myssl

# Specify the PKI domain for the SSL server policy as 1.

[Sysname-ssl-server-policy-myssl] pki-domain 1

# Enable client authentication.

[Sysname-ssl-server-policy-myssl] client-verify enable

[Sysname-ssl-server-policy-myssl] quit

3) Associate HTTPS service with the SSL server policy and enable HTTPS service

# Configure HTTPS service to use SSL server policy myssl.

[Sysname] ip https ssl-server-policy myssl

# Enable HTTPS service.

[Sysname] ip https enable

4) Verify your configuration

Launch IE on the host and enter https://10.1.1.1 in the address bar. You should be able to log in to the AC and manage it.
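
A configuration can also be checked offline against the settings this procedure relies on. The Python sketch below is an added example, not part of the H3C manual: it reads a saved configuration as text and reports whether HTTPS is enabled, bound to an SSL server policy that exists, tied to a defined PKI domain, and set to require client certificates. The function names, the sample text and the assumed layout (sub-commands indented under their section header) are assumptions made for illustration.

```python
# Constructed sample (not device output); assumes sub-commands are indented under their section header.
SAMPLE = """\
pki domain 1
 ca identifier ca1
 certificate request url http://10.1.2.2/certsrv/mscep/mscep.dll
 certificate request from ra
 certificate request entity en
ssl server-policy myssl
 pki-domain 1
 client-verify enable
ip https ssl-server-policy myssl
ip https enable
"""

def parse_sections(text):  # returns ({header: [sub-commands]}, [headers in order])
    sections, top, current = {}, [], None
    for raw in text.splitlines():
        line = raw.rstrip()
        if line.strip() in ("", "#"):
            continue  # skip blank lines and '#' separators
        if line[0].isspace() and current is not None:
            sections[current].append(line.strip())
        else:
            current = line.strip()
            sections[current] = []
            top.append(current)
    return sections, top

def audit_https(text):
    """Return a list of findings; an empty list means every check passed."""
    sections, top = parse_sections(text)
    findings = []
    if "ip https enable" not in top:
        findings.append("HTTPS service is not enabled")
    bound = [l.split()[-1] for l in top if l.startswith("ip https ssl-server-policy ")]
    if not bound:
        return findings + ["HTTPS service is not associated with an SSL server policy"]
    name = bound[-1]
    policy = sections.get(f"ssl server-policy {name}")
    if policy is None:
        return findings + [f"SSL server policy {name} is not defined"]
    domains = [l.split()[-1] for l in policy if l.startswith("pki-domain ")]
    if not domains:
        findings.append(f"policy {name} has no pki-domain")
    elif f"pki domain {domains[-1]}" not in sections:
        findings.append(f"PKI domain {domains[-1]} is not defined")
    if "client-verify enable" not in policy:
        findings.append(f"policy {name} does not require client certificates")
    return findings
```

Calling audit_https(SAMPLE) returns an empty list; removing the client-verify line from the text produces a finding for policy myssl.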