Https configuration example, Network requirements, Configuring a pki entity – H3C Technologies H3C SecPath F1000-E User Manual
Page 49
39
Figure 32 Associating HTTP service with ACL 2000
HTTPS configuration example
Network requirements
As shown in
, Host can access and control SecPath through web pages. To avoid malicious
users from accessing and controlling SecPath, users use HTTPS to access web pages on SecPath. SSL is
used to authenticate servers, preventing data eavesdropping and data modification.
To meet the requirements, configure SecPath as an HTTPS server and apply for a certificate for SecPath.
The name of the certificate authority (CA) that issues certificates to SecPath and Host is CA server.
NOTE:
•
This example uses a Windows server as the CA that has the Simple Certificate Enrollment Protocol
(SCEP) component installed.
•
Before proceeding with the following configuration, make sure that SecPath, Host, and CA are
reachable to each other.
Figure 33 Network diagram
Configuring a PKI entity
1.
Select VPN > Certificate Management > Entity from the navigation tree.
2.
Click Add.
- H3C SecPath F5000-A5 Firewall H3C SecPath F1000-A-EI H3C SecPath F1000-E-SI H3C SecPath F1000-S-AI H3C SecPath F5000-S Firewall H3C SecPath F5000-C Firewall H3C SecPath F100-C-SI H3C SecPath F1000-C-SI H3C SecPath F100-A-SI H3C SecBlade FW Cards H3C SecBlade FW Enhanced Cards H3C SecPath U200-A U200-M U200-S H3C SecPath U200-CA U200-CM U200-CS