
Ssl server policy configuration example, Network requirements, Configuration considerations – H3C Technologies H3C SecBlade LB Cards User Manual


SSL server policy configuration example

Network requirements

As shown in Figure 72, users need to access and control LB through webpages.

To protect LB and make sure data is not eavesdropped on or tampered with, configure LB so that users must use HTTPS to log in to the Web interface of the device.

Figure 72 Network diagram

Configuration considerations

To achieve the goal, perform the following configurations:

Configure LB to work as the HTTPS server and request a certificate for LB.

Request a certificate for Host so LB can authenticate the identity of Host.

Configure a CA server to issue certificates to LB and Host.

Configuration procedure

In this example, the CA server runs Windows Server and has the SCEP plug-in installed.
Before performing the following configurations, make sure LB, the host, and the CA server can reach each other.

1. Configure the HTTPS server on LB:

# Create a PKI entity named en, and configure the common name as http-server1 and the FQDN as ssl.security.com.

<LB> system-view
[LB] pki entity en
[LB-pki-entity-en] common-name http-server1
[LB-pki-entity-en] fqdn ssl.security.com
[LB-pki-entity-en] quit

# Create PKI domain 1, specify the trusted CA as ca server, the URL of the registration server as http://10.1.2.2/certsrv/mscep/mscep.dll, the authority for certificate request as RA, and the entity for certificate request as en.

[LB] pki domain 1
[LB-pki-domain-1] ca identifier ca server
[LB-pki-domain-1] certificate request url http://10.1.2.2/certsrv/mscep/mscep.dll
[LB-pki-domain-1] certificate request from ra
[LB-pki-domain-1] certificate request entity en
[LB-pki-domain-1] quit

# Create the local RSA key pairs.
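
The PKI entity and PKI domain settings entered above can be checked offline before a certificate is requested. The following Python script is an added example, not part of the H3C manual: it parses a transcript of those commands and reports PKI domain settings that are missing or that reference an undefined entity. The embedded transcript is constructed from the commands on this page, and the names `parse_pki` and `audit` are assumptions of this example.

```python
import re

# Constructed sample: the commands from this page as one CLI transcript.
TRANSCRIPT = """\
<LB> system-view
[LB] pki entity en
[LB-pki-entity-en] common-name http-server1
[LB-pki-entity-en] fqdn ssl.security.com
[LB-pki-entity-en] quit
[LB] pki domain 1
[LB-pki-domain-1] ca identifier ca server
[LB-pki-domain-1] certificate request url http://10.1.2.2/certsrv/mscep/mscep.dll
[LB-pki-domain-1] certificate request from ra
[LB-pki-domain-1] certificate request entity en
[LB-pki-domain-1] quit
"""

# Command prefix -> setting name, limited to the commands this page uses.
ENTITY_KEYS = {"common-name ": "common_name", "fqdn ": "fqdn"}
DOMAIN_KEYS = {"ca identifier ": "ca", "certificate request url ": "url",
               "certificate request from ": "authority", "certificate request entity ": "entity"}


def parse_pki(transcript):
    """Return ({entity: settings}, {domain: settings}) parsed from a transcript."""
    entities, domains, current, keys = {}, {}, None, {}
    for line in transcript.splitlines():
        # Drop the [view] or <view> prompt so only the command remains.
        cmd = re.sub(r"^\s*(\[[^\]]*\]|<[^>]*>)\s*", "", line).strip()
        view = re.fullmatch(r"pki (entity|domain) (\S+)", cmd)
        if view:
            is_entity = view.group(1) == "entity"
            keys = ENTITY_KEYS if is_entity else DOMAIN_KEYS
            current = (entities if is_entity else domains).setdefault(view.group(2), {})
        elif cmd == "quit":
            current = None
        elif current is not None:
            for prefix, key in keys.items():
                if cmd.startswith(prefix):
                    current[key] = cmd[len(prefix):]
    return entities, domains


def audit(transcript):
    """List domain settings that are missing or that name an undefined entity."""
    entities, domains = parse_pki(transcript)
    findings = []
    for name, cfg in domains.items():
        findings += [f"domain {name}: {k} not set" for k in DOMAIN_KEYS.values() if k not in cfg]
        if cfg.get("entity") is not None and cfg["entity"] not in entities:
            findings.append(f"domain {name}: entity {cfg['entity']} is not defined")
    return findings
```

An empty list from `audit(TRANSCRIPT)` means every domain has its CA identifier, request URL, request authority and a defined entity.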
