
Configuration considerations, Configuration procedure – H3C Technologies H3C SecPath F1000-E User Manual


Figure 409 Network diagram

Configuration considerations

To achieve the goal, perform the following configurations:

Configure SecPath to work as the HTTPS server and request a certificate for SecPath.

Request a certificate for Host so that SecPath can authenticate the identity of Host.

Configure a CA server to issue certificates to SecPath and Host.

Configuration procedure

1. Configure the HTTPS server on SecPath:

# Create a PKI entity named en, and configure the common name as http-server1 and the FQDN as ssl.security.com.

<SecPath> system-view

[SecPath] pki entity en

[SecPath-pki-entity-en] common-name http-server1

[SecPath-pki-entity-en] fqdn ssl.security.com

[SecPath-pki-entity-en] quit

# Create PKI domain 1, specify the trusted CA as ca server, the URL of the registration server as http://10.1.2.2/certsrv/mscep/mscep.dll, the authority for certificate request as RA, and the entity for certificate request as en.

[SecPath] pki domain 1

[SecPath-pki-domain-1] ca identifier ca server

[SecPath-pki-domain-1] certificate request url http://10.1.2.2/certsrv/mscep/mscep.dll

[SecPath-pki-domain-1] certificate request from ra

[SecPath-pki-domain-1] certificate request entity en

[SecPath-pki-domain-1] quit

# Create the local RSA key pairs.

[SecPath] public-key local create rsa

# Retrieve the CA certificate.

[SecPath] pki retrieval-certificate ca domain 1

# Request a local certificate for SecPath.

[SecPath] pki request-certificate domain 1

# Create an SSL server policy named myssl.

[SecPath] ssl server-policy myssl

# Specify the PKI domain for the SSL server policy as 1.

[SecPath-ssl-server-policy-myssl] pki-domain 1
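
As an added example (not from the H3C manual), the Python script below checks a captured transcript of the commands above for dangling references: an SSL server policy that points at an undefined PKI domain, or a PKI domain whose request entity or request settings are missing. The prompt name SecPath, the set of settings treated as required, and the transcript (constructed from the commands on this page) are assumptions.

```python
import re
# Constructed transcript: the commands from the procedure above, one per line.
TRANSCRIPT = """\
[SecPath] pki entity en
[SecPath-pki-entity-en] common-name http-server1
[SecPath-pki-entity-en] fqdn ssl.security.com
[SecPath] pki domain 1
[SecPath-pki-domain-1] ca identifier ca server
[SecPath-pki-domain-1] certificate request url http://10.1.2.2/certsrv/mscep/mscep.dll
[SecPath-pki-domain-1] certificate request from ra
[SecPath-pki-domain-1] certificate request entity en
[SecPath] ssl server-policy myssl
[SecPath-ssl-server-policy-myssl] pki-domain 1
"""
VIEWS = {"pki-entity": "pki entity ", "pki-domain": "pki domain ", "ssl-server-policy": "ssl server-policy "}
PROMPT = re.compile(r"^\[SecPath(?:-(pki-entity|pki-domain|ssl-server-policy)-([^\]]+))?\]\s+(.+)$")

def parse(transcript):
    """Group commands by the PKI entity, PKI domain or SSL policy view they were typed in."""
    model = {kind: {} for kind in VIEWS}
    for line in transcript.splitlines():
        m = PROMPT.match(line.strip())
        if not m:
            continue
        kind, name, cmd = m.groups()
        if kind and cmd != "quit":                 # command typed inside an object view
            model[kind].setdefault(name, []).append(cmd)
        for k, prefix in VIEWS.items():            # system view: object creation
            if not kind and cmd.startswith(prefix):
                model[k].setdefault(cmd[len(prefix):].strip(), [])
    return model

def arg(cmds, prefix):
    """Argument of the last command that starts with prefix, or None."""
    return next((c[len(prefix):].strip() for c in reversed(cmds) if c.startswith(prefix)), None)

def check(model):
    """Return findings for missing settings and dangling references."""
    out = []
    for dom, cmds in model["pki-domain"].items():
        for prefix in ("ca identifier ", "certificate request url ", "certificate request from "):
            if arg(cmds, prefix) is None:
                out.append(f"pki domain {dom}: no '{prefix.strip()}'")
        if arg(cmds, "certificate request entity ") not in model["pki-entity"]:
            out.append(f"pki domain {dom}: request entity not defined")
    for pol, cmds in model["ssl-server-policy"].items():
        if arg(cmds, "pki-domain ") not in model["pki-domain"]:
            out.append(f"ssl server-policy {pol}: pki-domain not defined")
    return out
```

Calling `check(parse(TRANSCRIPT))` returns an empty list for the configuration on this page; any returned string names the object that would leave the HTTPS server without a usable certificate binding.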