Configuring an ssl client policy – H3C Technologies H3C SecPath F1000-E User Manual
# Enable client authentication.
[SecPath-ssl-server-policy-myssl] client-verify enable
[SecPath-ssl-server-policy-myssl] quit
# Configure HTTPS service to use SSL server policy myssl.
[SecPath] ip https ssl-server-policy myssl
# Enable HTTPS service.
[SecPath] ip https enable
# Create a local user named usera, and set the password to 123 and service type to telnet.
[SecPath] local-user usera
[SecPath-luser-usera] password simple 123
[SecPath-luser-usera] service-type telnet
2. Configure the HTTPS client on Host:
On Host, launch IE, enter http://10.1.2.2/certsrv in the address bar and request a certificate for Host as prompted.
3. Verify your configuration:
Launch IE on the host, enter https://10.1.1.1 in the address bar, and select the certificate issued by the CA server. The web interface of SecPath should appear. After entering username usera and password 123, you should be able to log in to the web interface to access and manage SecPath.
NOTE:
• For more information about PKI configuration commands and the public-key local create rsa command, see VPN Command Reference.
• For more information about HTTPS, see Getting Started Guide.
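A configuration check for the server-side steps above, added here as an example and not part of the H3C manual: it reads a captured CLI session and confirms that the SSL server policy bound to the HTTPS service has client authentication enabled, and it flags passwords typed in cleartext. The audit function and the sample session are constructed for illustration.

```python
import re

# Constructed sample: the CLI session from the example above, as it would
# appear in a terminal capture or change log.
SESSION = """\
[SecPath-ssl-server-policy-myssl] client-verify enable
[SecPath-ssl-server-policy-myssl] quit
[SecPath] ip https ssl-server-policy myssl
[SecPath] ip https enable
[SecPath] local-user usera
[SecPath-luser-usera] password simple 123
[SecPath-luser-usera] service-type telnet
"""

# "[view] command" as printed by the device prompt.
PROMPT = re.compile(r"^\[(?P<view>[^\]]+)\]\s*(?P<cmd>.*)$")

def audit(session: str) -> list[str]:
    """Return findings for an HTTPS setup that should require client certificates."""
    verified = set()   # SSL server policies seen with client-verify enable
    bound = None       # policy bound to the HTTPS service
    https_on = False
    findings = []
    for line in session.splitlines():
        m = PROMPT.match(line.strip())
        if not m:
            continue   # "# comment" lines and blanks carry no command
        view, cmd = m["view"], m["cmd"].strip()
        pol = re.search(r"-ssl-server-policy-(\S+)$", view)
        user = re.search(r"-luser-(\S+)$", view)
        if pol and cmd == "client-verify enable":
            verified.add(pol[1])
        elif cmd.startswith("ip https ssl-server-policy "):
            bound = cmd.split()[-1]
        elif cmd == "ip https enable":
            https_on = True
        elif user and cmd.startswith("password simple "):
            findings.append(f"user {user[1]}: password given in cleartext ('password simple')")
    if https_on and bound is None:
        findings.append("HTTPS enabled without an explicit SSL server policy")
    elif https_on and bound not in verified:
        findings.append(f"policy {bound}: client-verify not enabled")
    return findings
```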
Configuring an SSL client policy
An SSL client policy is a set of SSL parameters for a client to use when connecting to the server. An SSL
client policy takes effect only after it is associated with an application layer protocol.
If the SSL server is configured to authenticate the SSL client, you must configure the PKI domain for the SSL
client policy to use to obtain the certificate of the client. For more information about PKI domain
configuration, see VPN Configuration Guide.
To configure an SSL client policy:
Step | Command | Remarks
1. Enter system view. | system-view | N/A
2. Create an SSL client policy and enter its view. | ssl client-policy policy-name | Required