
H3C Technologies H3C SecPath F1000-E User Manual


[SecPath] pki entity en

[SecPath-pki-entity-en] common-name http-server

[SecPath-pki-entity-en] quit

# Configure a PKI domain named sslvpn, and specify the trusted CA as ca server, the URL of the RA server as http://10.2.1.1/certsrv/mscep/mscep.dll, registration authority for certificate requesting as RA, and the entity as en.

[SecPath] pki domain sslvpn

[SecPath-pki-domain-sslvpn] ca identifier ca server

[SecPath-pki-domain-sslvpn] certificate request url http://10.2.1.1/certsrv/mscep/mscep.dll

[SecPath-pki-domain-sslvpn] certificate request from ra

[SecPath-pki-domain-sslvpn] certificate request entity en

[SecPath-pki-domain-sslvpn] quit

# Generate the local RSA key pair.

[SecPath] public-key local create rsa

# Retrieve the CA certificate.

[SecPath] pki retrieval-certificate ca domain sslvpn

# Apply for a certificate for the SecPath.

[SecPath] pki request-certificate domain sslvpn

2. Configure an SSL server policy for the SSL VPN service.

# Configure an SSL server policy named myssl, and specify the policy to use PKI domain sslvpn.

[SecPath] ssl server-policy myssl

[SecPath-ssl-server-policy-myssl] pki-domain sslvpn

[SecPath-ssl-server-policy-myssl] quit

3. Configure SSL VPN.

# Specify the SSL server policy myssl and port 443 (default) for the SSL VPN service.

[SecPath] ssl-vpn server-policy myssl

# Enable the SSL VPN service.

[SecPath] ssl-vpn enable

4. Verify the configuration.

On the user host, launch the IE browser and input https://10.1.1.1/svpn in the address bar. You can open the Web login interface of the SSL VPN gateway.

NOTE:

For more information about PKI configuration commands, see VPN Command Reference.

For more information about SSL configuration commands, see Network Management Command Reference.
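The procedure above builds a chain of named references: the SSL VPN service points to an SSL server policy, the policy to a PKI domain, and the domain to a PKI entity. The following is an added example, not part of the H3C manual, that checks a saved CLI transcript for a broken link in that chain. The helper names, the default prompt SecPath and the rule that all four domain settings shown in the procedure must be present are assumptions of this example.

```python
import re
# Added example (helper names are ours). Constructed sample: the procedure's commands.
SAMPLE = """\
[SecPath] pki entity en
[SecPath-pki-entity-en] common-name http-server
[SecPath-pki-entity-en] quit
[SecPath] pki domain sslvpn
[SecPath-pki-domain-sslvpn] ca identifier ca server
[SecPath-pki-domain-sslvpn] certificate request url http://10.2.1.1/certsrv/mscep/mscep.dll
[SecPath-pki-domain-sslvpn] certificate request from ra
[SecPath-pki-domain-sslvpn] certificate request entity en
[SecPath-pki-domain-sslvpn] quit
[SecPath] ssl server-policy myssl
[SecPath-ssl-server-policy-myssl] pki-domain sslvpn
[SecPath-ssl-server-policy-myssl] quit
[SecPath] ssl-vpn server-policy myssl
[SecPath] ssl-vpn enable
"""
PROMPT = re.compile(r"^\[(?P<view>[^\]]+)\]\s+(?P<cmd>.+?)\s*$")
REQUIRED = ("ca identifier", "certificate request url",  # assumed: all four needed
            "certificate request from", "certificate request entity")

def parse(transcript):  # group commands by the view (prompt) they were typed in
    views = {}
    for m in filter(None, map(PROMPT.match, transcript.splitlines())):
        if m["cmd"] != "quit":
            views.setdefault(m["view"], []).append(m["cmd"])
    return views

def value(cmds, prefix):  # argument of the first command starting with prefix, else None
    return next((c[len(prefix) + 1:] for c in cmds if c.startswith(prefix + " ")), None)

def check_chain(transcript, host="SecPath"):  # list of problems, empty if consistent
    v = parse(transcript)
    top = v.get(host, [])
    problems = [] if "ssl-vpn enable" in top else ["ssl-vpn service not enabled"]
    policy = value(top, "ssl-vpn server-policy")
    pol = v.get(f"{host}-ssl-server-policy-{policy}")
    if pol is None:
        return problems + [f"SSL server policy {policy!r} not defined"]
    domain = value(pol, "pki-domain")
    dom = v.get(f"{host}-pki-domain-{domain}")
    if dom is None:
        return problems + [f"PKI domain {domain!r} not defined"]
    problems += [f"PKI domain {domain}: missing '{p}'" for p in REQUIRED if value(dom, p) is None]
    entity = value(dom, "certificate request entity")
    if entity and f"{host}-pki-entity-{entity}" not in v:
        problems.append(f"PKI entity {entity!r} not defined")
    return problems
```

Calling check_chain(SAMPLE) returns an empty list for the configuration on this page; a mistyped policy, domain or entity name is reported at the first link that does not resolve.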