Configuring an ssl client policy, Configuration prerequisites, Configuration procedure – H3C Technologies H3C WX6000 Series Access Controllers User Manual

66-5

z

For details about PKI configuration commands, refer to PKI in H3C WX6103 Access Controller

Switch Interface Board Command Reference

.

z

For details about the public-key local create rsa command, refer to SSH in H3C WX6103 Access

Controller Switch Interface Board Command Reference

.

Configuring an SSL Client Policy

An SSL client policy is a set of SSL parameters for a client to use when connecting to the server. An SSL
client policy takes effect only after it is associated with an application layer protocol.

Configuration Prerequisites

Before configuring an SSL client policy, you must configure a PKI domain. For details about PKI domain
configuration, refer to PKI in H3C WX6103 Access Controller Switch Interface Board Configuration

Guide

.

Configuration Procedure

Follow these steps to configure an SSL client policy:

To do...

Use the command...

Remarks

Enter system view

system-view

—

Create an SSL client policy and
enter its view

ssl client-policy

policy-name

Required

Specify a PKI domain for the SSL
client policy

pki-domain domain-name

Required
No PKI domain is configured by
default.

Specify the preferred cipher suite
for the SSL client policy

prefer-cipher
{ rsa_aes_128_cbc_sha |
rsa_des_cbc_sha

|

rsa_rc4_128_md5

|

rsa_rc4_128_sha

}

Optional

rsa_rc4_128_md5

by default

Specify the SSL protocol version
for the SSL client policy

version

{ ssl3.0 | tls1.0 }

Optional
TLS 1.0 by default

If you enable client authentication on the server, you must request a local certificate for the client.