
Configuring an ssl client policy, Configuration prerequisites, Configuration procedure – H3C Technologies H3C SecPath F1000-E User Manual

On Host, launch IE, enter http://10.1.2.2/certsrv in the address bar and request a certificate for Host as prompted.

Step3 Verify your configuration

Launch IE on the host, enter https://10.1.1.1 in the address bar, and select the certificate issued by the CA
server. The Web interface of Device should appear. After entering username usera and password 123,
you should be able to log in to the Web interface to access and manage Device.

NOTE:

For more information about the public-key local create rsa command, see Public Key Commands in the Security Volume.

For more information about HTTPS, see HTTP Configuration in the System Volume.

Configuring an SSL Client Policy

An SSL client policy is a set of SSL parameters for a client to use when connecting to the server. An SSL client policy takes effect only after it is associated with an application layer protocol.

Configuration Prerequisites

If the SSL server is configured to authenticate the SSL client, when configuring the SSL client policy, you need to specify the PKI domain to be used for obtaining the certificate of the client. Therefore, before configuring an SSL client policy, you must configure a PKI domain. For more information about PKI domain configuration, see PKI Configuration in the Firewall Web Configuration Manual.

Configuration Procedure

Follow these steps to configure an SSL client policy:

| To do… | Use the command… | Remarks |
|---|---|---|
| Enter system view | system-view | |
| Create an SSL client policy and enter its view | ssl client-policy policy-name | Required |
| Specify a PKI domain for the SSL client policy | pki-domain domain-name | Optional. No PKI domain is configured by default. |
| Specify the preferred cipher suite for the SSL client policy | prefer-cipher { rsa_3des_ede_cbc_sha \| rsa_aes_128_cbc_sha \| rsa_aes_256_cbc_sha \| rsa_des_cbc_sha \| rsa_rc4_128_md5 \| rsa_rc4_128_sha } | Optional. rsa_rc4_128_md5 by default |
| Specify the SSL protocol version for the SSL client policy | version { ssl3.0 \| tls1.0 } | Optional. TLS 1.0 by default |
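
Because prefer-cipher and version are optional, a policy that omits them still prefers rsa_rc4_128_md5. The Python sketch below is an added example, not part of the H3C manual: it resolves each SSL client policy's effective settings from the defaults in the table and reports RC4, DES, 3DES and SSL 3.0 choices, plus policies with no PKI domain. The indented configuration layout, the sample policies and the choice of values to flag are assumptions of this example.

```python
import re

# Defaults from the Remarks column of the table above.
DEFAULTS = {"prefer-cipher": "rsa_rc4_128_md5", "version": "tls1.0"}
# Assumption of this example: which of the listed values to flag, and why.
WEAK = {
    "rsa_rc4_128_md5": "RC4 with an MD5 MAC",
    "rsa_rc4_128_sha": "RC4",
    "rsa_des_cbc_sha": "single DES, 56-bit key",
    "rsa_3des_ede_cbc_sha": "3DES, 64-bit block",
    "ssl3.0": "SSL 3.0",
}

def parse_policies(config_text):
    """Map each policy name to the settings written explicitly in its view."""
    policies, current = {}, None
    for raw in config_text.splitlines():
        line = raw.strip()
        m = re.fullmatch(r"ssl client-policy (\S+)", line)
        if m:
            current = policies.setdefault(m.group(1), {})
        elif not raw[:1].isspace():
            current = None  # blank or unindented line leaves the policy view
        elif current is not None:
            key, _, value = line.partition(" ")
            if key in ("pki-domain", "prefer-cipher", "version"):
                current[key] = value.strip()
    return policies

def audit(config_text):
    """Return (policy, setting, effective value, origin, reason) tuples."""
    findings = []
    for name, explicit in parse_policies(config_text).items():
        for setting, default in DEFAULTS.items():
            value = explicit.get(setting, default)
            origin = "explicit" if setting in explicit else "default"
            if value in WEAK:
                findings.append((name, setting, value, origin, WEAK[value]))
        if "pki-domain" not in explicit:
            findings.append((name, "pki-domain", None, "default",
                             "no client certificate if the server authenticates the client"))
    return findings

# Constructed sample; the indented layout is an assumption of this example.
SAMPLE = ("#\nssl client-policy legacy\n pki-domain 1\n#\nssl client-policy hardened\n"
          " pki-domain 1\n prefer-cipher rsa_aes_256_cbc_sha\n version tls1.0\n#\n"
          "ssl client-policy old\n prefer-cipher rsa_des_cbc_sha\n version ssl3.0\n#\n")

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

Of the suites the command offers, only rsa_aes_128_cbc_sha and rsa_aes_256_cbc_sha pass this check, and tls1.0 is the newer of the two versions available.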