Configuring the port number of the https service – H3C Technologies H3C SecPath F1000-E User Manual
Page 278
3
NOTE:
•
After the HTTPS service is enabled, you can use the display ip https command to view the state of the
HTTPS service and verify the configuration.
•
Enabling of the HTTPS service will trigger an SSL handshake negotiation process. During the process, if
the local certificate of the device already exists, the SSL negotiation is successfully performed, and the
HTTPS service can be started normally. If no local certificate exists, a certificate application process will
be triggered by the SSL negotiation. Since the application process takes much time, the SSL negotiation
may fail and the HTTPS service cannot be started normally. Therefore, the ip https enable command must
be executed for multiple times to ensure normal startup of the HTTPS service.
Associating the HTTPS Service with a Certificate
Attribute Access Control Policy
Associating the HTTPS service with a configured certificate access control policy helps control the access
right of the client, thus providing the device with enhanced security.
Follow these steps to associate the HTTPS service with a certificate attribute access control policy:
To do…
Use the command…
Remarks
Enter system view
system-view
—
Associate the HTTPS service with a
certificate attribute access control
policy
ip https certificate
access-control-policy
policy-name
Required
Not associated by default.
NOTE:
•
If the ip https certificate access-control-policy command is executed repeatedly, the HTTPS server is only
associated with the last specified certificate attribute access control policy.
•
If the HTTPS service is associated with a certificate attribute access control policy, the client-verify enable
command must be configured in the SSL server policy. Otherwise, the client cannot log onto the device.
•
If the HTTPS service is associated with a certificate attribute access control policy, the latter must contain
at least one permit rule. Otherwise, no HTTPS client can log onto the device.
•
For the configuration of an SSL server policy, see
PKI Configuration in the Firewall Web Configuration
Manual.
Configuring the Port Number of the HTTPS Service
Configuration of the port number of the HTTPS service can reduce the attacks from illegal users on the
HTTPS service.
Follow these steps to configure the port number of the HTTPS service:
To do…
Use the command…
Remarks
Enter system view
system-view
—