beautypg.com

Configuring an ssl client policy – H3C Technologies H3C SecBlade LB Cards User Manual


[LB] public-key local create rsa

# Retrieve the CA certificate.

[LB] pki retrieval-certificate ca domain 1

# Request a local certificate for LB.

[LB] pki request-certificate domain 1

# Create an SSL server policy named myssl.

[LB] ssl server-policy myssl

# Specify the PKI domain for the SSL server policy as 1.

[LB-ssl-server-policy-myssl] pki-domain 1

# Enable client authentication.

[LB-ssl-server-policy-myssl] client-verify enable

[LB-ssl-server-policy-myssl] quit

# Configure HTTPS service to use SSL server policy myssl.

[LB] ip https ssl-server-policy myssl

# Enable HTTPS service.

[LB] ip https enable

# Create a local user named usera, and set the password to 123, the user privilege level to 3, and the service type to web.

[LB] local-user usera

[LB-luser-usera] password simple 123

[LB-luser-usera] authorization-attribute level 3

[LB-luser-usera] service-type web

2. Configure the HTTPS client on Host:
On Host, launch IE, enter http://10.1.2.2/certsrv in the address bar, and request a certificate for Host as prompted.

3. Verify your configuration:
Launch IE on the host, enter https://10.1.1.1 in the address bar, and select the certificate issued by the CA server. The Web interface of LB should appear. After entering username usera and password 123, you should be able to log in to the Web interface to access and manage LB.

For more information about PKI configuration commands, see "Configuring PKI." For more information about the public-key local create rsa command, see Security Command Reference. For more information about HTTPS, see System Management Configuration Guide.
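An added example (not part of the H3C manual): a small Python audit of the prompt-prefixed commands from the example above. It checks that the HTTPS service is bound to an SSL server policy that has a PKI domain and requires client certificates, and it flags local-user passwords entered in plaintext form or shorter than a minimum length. The transcript is constructed from the commands above; the function names and the 8-character minimum are assumptions.

```python
import re

# Constructed sample: the prompt-prefixed commands from the example above.
SAMPLE = """\
[LB] ssl server-policy myssl
[LB-ssl-server-policy-myssl] pki-domain 1
[LB-ssl-server-policy-myssl] client-verify enable
[LB-ssl-server-policy-myssl] quit
[LB] ip https ssl-server-policy myssl
[LB] ip https enable
[LB] local-user usera
[LB-luser-usera] password simple 123
[LB-luser-usera] authorization-attribute level 3
[LB-luser-usera] service-type web
"""

PROMPT = re.compile(r"^\[(?P<view>[^\]]+)\]\s+(?P<cmd>.+?)\s*$")

def parse(transcript):
    """Group commands by the view named in each prompt, e.g. 'LB-luser-usera'."""
    views = {}
    for line in transcript.splitlines():
        m = PROMPT.match(line)
        if m and m["cmd"] != "quit":
            views.setdefault(m["view"], []).append(m["cmd"])
    return views

def audit(transcript, host="LB", min_len=8):
    """Return findings; min_len is an assumed local policy, not an H3C default."""
    views, findings = parse(transcript), []
    system = views.get(host, [])
    bound = [c.split()[-1] for c in system if c.startswith("ip https ssl-server-policy ")]
    if "ip https enable" in system and not bound:
        findings.append("https: enabled without an SSL server policy")
    for name in bound:
        policy = views.get(f"{host}-ssl-server-policy-{name}", [])
        if not any(c.startswith("pki-domain ") for c in policy):
            findings.append(f"{name}: no pki-domain")
        if "client-verify enable" not in policy:
            findings.append(f"{name}: client certificate not required")
    prefix = f"{host}-luser-"
    for view, cmds in views.items():
        for parts in (c.split() for c in cmds if view.startswith(prefix)):
            if parts[:2] == ["password", "simple"] and len(parts) == 3:
                user = view[len(prefix):]
                findings.append(f"{user}: password entered in plaintext form ('simple')")
                if len(parts[2]) < min_len:
                    findings.append(f"{user}: password shorter than {min_len} characters")
    return findings
```

Run over the sample, the TLS checks pass and both findings concern the usera password.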

Configuring an SSL client policy

An SSL client policy is a set of SSL parameters for a client to use when connecting to the server. An SSL client policy takes effect only after it is associated with an application layer protocol.

To configure an SSL client policy:

| Step | Command | Remarks |
|---|---|---|
| 1. Enter system view. | system-view | N/A |
| 2. Create an SSL client policy and enter its view. | ssl client-policy policy-name | N/A |
