SSL server policy configuration example, Network requirements – H3C Technologies H3C SecPath F1000-E User Manual
| To do... | Use the command... | Remarks |
|---|---|---|
| Configure the policy to use a hardware encryption card for SSL encryption and decryption | crypto-accelerator encrypt interface-number | Optional. By default, a policy uses software for encryption and decryption. |
NOTE:
• If you enable client authentication here, you must request a local certificate for the client.
• Currently, SSL mainly comes in these versions: SSL 2.0, SSL 3.0, and TLS 1.0, where TLS 1.0 corresponds to SSL 3.1. When the device acts as an SSL server, it can communicate with clients running SSL 3.0 or TLS 1.0, and can identify Hello packets from clients running SSL 2.0. If a client running SSL 2.0 also supports SSL 3.0 or TLS 1.0 (information about supported versions is carried in the packet that the client sends to the server), the server will notify the client to use SSL 3.0 or TLS 1.0 to communicate with the server.
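The version handling described in the note above can be reproduced offline against raw ClientHello bytes. The following Python sketch is an added example, not code from the H3C manual or the device: it reads the version a client offers in either hello format and models the server's choice. The function names, the sample packets and the "highest common version" rule (including the result "none" for a client that offers only SSL 2.0) are assumptions.

```python
import struct

# Protocol versions as they appear on the wire (major byte, minor byte).
VERSION_NAMES = {0x0002: "SSL 2.0", 0x0300: "SSL 3.0", 0x0301: "TLS 1.0"}
SERVER_SUPPORTED = (0x0300, 0x0301)  # per the note: SSL 3.0 and TLS 1.0 only


def parse_client_hello(data: bytes):
    """Return (hello_format, highest_version_offered) for a raw ClientHello."""
    if len(data) >= 5 and data[0] & 0x80 and data[2] == 0x01:
        # SSL 2.0-format hello: 2-byte length with the high bit set,
        # message type 1, then the highest version the client supports.
        return "sslv2-format", struct.unpack(">H", data[3:5])[0]
    if len(data) >= 11 and data[0] == 0x16 and data[5] == 0x01:
        # SSL 3.0/TLS record (type 22 = handshake) carrying a ClientHello:
        # 5-byte record header, 4-byte handshake header, then client_version.
        return "tls-record", struct.unpack(">H", data[9:11])[0]
    raise ValueError("not a ClientHello")


def negotiate(data: bytes) -> str:
    """Model the server's version choice described in the note."""
    _, offered = parse_client_hello(data)
    # Assumption: the server picks its highest version not above the offer.
    usable = [v for v in SERVER_SUPPORTED if v <= offered]
    return VERSION_NAMES[max(usable)] if usable else "none"


# Constructed sample hellos (headers plus zero padding, not captured traffic).
# Length fields are consistent but are not validated by this sketch.
SSL2_ONLY = bytes([0x80, 0x1F, 0x01, 0x00, 0x02]) + bytes(28)
SSL2_FORMAT_TLS10 = bytes([0x80, 0x1F, 0x01, 0x03, 0x01]) + bytes(28)
TLS_RECORD_SSL30 = bytes([0x16, 0x03, 0x00, 0x00, 0x2D,
                          0x01, 0x00, 0x00, 0x29, 0x03, 0x00]) + bytes(39)

if __name__ == "__main__":
    for label, pkt in [("SSL 2.0 only", SSL2_ONLY),
                       ("SSL 2.0 hello offering TLS 1.0", SSL2_FORMAT_TLS10),
                       ("SSL 3.0 record", TLS_RECORD_SSL30)]:
        print(label, parse_client_hello(pkt), "->", negotiate(pkt))
```

Run over hellos extracted from a packet capture, the "none" and "SSL 3.0" results identify clients that still depend on protocol versions deprecated by RFC 6176 and RFC 7568; TLS 1.0 itself is deprecated by RFC 8996.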
SSL Server Policy Configuration Example
Network requirements
As shown in Figure 3, users can access and control Device through Web pages. To secure the device, users are required to use HTTPS (HTTP Security, which uses SSL) to log in to the Web interface of the device and to use SSL for identity authentication, so that data cannot be eavesdropped on or tampered with.
To achieve the goal, perform the following configurations:
• Configure Device to work as the HTTPS server and request a certificate for Device.
• Request a certificate for Host so that Device can authenticate the identity of Host.
• Configure a CA server to issue certificates to Device and Host.
NOTE:
• In this example, Windows Server works as the CA server and the Simple Certificate Enrollment Protocol (SCEP) plug-in is installed on the CA server.
• Before performing the following configurations, ensure that Device, Host, and the CA server can reach each other.
Figure 3 Network diagram for SSL server policy configuration
[Diagram: Host, Device and CA; interface addresses shown are 10.1.1.1/24, 10.1.1.2/24, 10.1.2.1/24 and 10.1.2.2/24]