Associating the https service with an acl – H3C Technologies H3C WX6000 Series Access Controllers User Manual

67-3

Associating the HTTPS Service with a Certificate Attribute Access
Control Policy

Associating the HTTPS service with a configured certificate access control policy helps control the
access right of the client, thus providing the device with enhanced security.

Follow these steps to associate the HTTPS service with a certificate attribute access control policy:

To do…

Use the command…

Remarks

Enter system view

system-view

—

Associate the HTTPS service with a
certificate attribute access control policy

ip https certificate
access-control-policy
policy-name

Required
Not associated by default.

z

If the ip https certificate access-control-policy command is executed repeatedly, the HTTPS
server is only associated with the last specified certificate attribute access control policy.

z

If the HTTPS service is associated with a certificate attribute access control policy, the

client-verify enable

command must be configured in the SSL server policy. Otherwise, the client

cannot log onto the device.

z

If the HTTPS service is associated with a certificate attribute access control policy, the latter must
contain at least one permit rule. Otherwise, no HTTPS client can log onto the device.

z

For the configuration of an SSL server policy, refer to PKI in H3C WX6103 Access Controller

Switch Interface Board Configuration Guide

.

Associating the HTTPS Service with an ACL

Associating the HTTPS service with an ACL can filter out requests from some clients to let pass only
clients that pass the ACL filtering.

Follow these steps to associate the HTTPS service with an ACL:

To do…

Use the command…

Remarks

Enter system view

system-view

—

Associate the HTTPS service with
an ACL

ip https acl acl-number

Required
Not associated by default.

If the ip https acl command is executed repeatedly, the HTTPS service is only associated with the last
specified ACL.