Troubleshooting web login, Cannot access the device through the web interface, Symptom – H3C Technologies H3C SecPath F1000-E User Manual
Page 50
42
# Create a certificate attribute-based access control policy myacp. Configure a certificate
attribute-based access control rule, specifying that a certificate is considered valid when it matches
an attribute rule in certificate attribute group myacp.
[SecPath] pki certificate access-control-policy myacp
[SecPath-pki-cert-acp-myacp] rule 1 permit mygroup1
[SecPath-pki-cert-acp-myacp] quit
# Associate the HTTPS service with SSL server policy myssl.
[SecPath] ip https ssl-server-policy myssl
# Associate the HTTPS service with certificate attribute-based access control policy myacp.
[SecPath] ip https certificate access-control-policy myacp
# Enable the HTTPS service.
[SecPath] ip https enable
# Create a local user named usera, set the password to 123 for the user, and specify the Web
service type for the local user.
[SecPath] local-user usera
[SecPath-luser-usera] password simple 123
[SecPath-luser-usera] service-type web
[SecPath-luser-usera] authorization-attribute level 3
2.
Configure the host that acts as the HTTPS client:
On the host, run the IE browser. In the address bar, enter http://10.1.2.2/certsrv and request a
certificate for the host as prompted.
3.
Verify the configuration:
Enter https://10.1.1.1 in the address bar, and select the certificate issued by new-ca. Then the
Web login page of the Device appears. On the login page, enter the username usera, and
password 123 to enter the Web management page.
NOTE:
•
To log in to the Web interface through HTTPS, enter the URL address starting with https://. To log in to
the Web interface through HTTP, enter the URL address starting with http://.
•
For more information about PKI configuration commands, see
VPN Command Reference.
•
For more information about SSL configuration commands, see
Network Management Command
Reference.
Troubleshooting Web login
Cannot access the device through the Web interface
Symptom
You can ping the device successfully, and log in to the device through Telnet. HTTP is enabled and the
operating system and browser version meet the Web interface requirements. However, you cannot
access the Web interface of the device.
- H3C SecPath F5000-A5 Firewall H3C SecPath F1000-A-EI H3C SecPath F1000-E-SI H3C SecPath F1000-S-AI H3C SecPath F5000-S Firewall H3C SecPath F5000-C Firewall H3C SecPath F100-C-SI H3C SecPath F1000-C-SI H3C SecPath F100-A-SI H3C SecBlade FW Cards H3C SecBlade FW Enhanced Cards H3C SecPath U200-A U200-M U200-S H3C SecPath U200-CA U200-CM U200-CS