Ssl configuration task list, Configuring an ssl server policy, Configuration prerequisites – H3C Technologies H3C S5120 Series Switches User Manual

1-3

SSL Configuration Task List

Different parameters are required on the SSL server and the SSL client.

Complete the following tasks to configure SSL:

Task

Remarks

Configuring an SSL Server Policy

Required

Configuring an SSL Client Policy

Optional

Configuring an SSL Server Policy

An SSL server policy is a set of SSL parameters for a server to use when booting up. An SSL server

policy takes effect only after it is associated with an application layer protocol, HTTP protocol, for

example.

Configuration Prerequisites

When configuring an SSL server policy, you need to specify the PKI domain to be used for obtaining the

server side certificate. Therefore, before configuring an SSL server policy, you must configure a PKI

domain. For details about PKI domain configuration, see PKI Configuration.

Configuration Procedure

Follow these steps to configure an SSL server policy:

To do...

Use the command...

Remarks

Enter system view

system-view

—

Create an SSL server policy
and enter its view

ssl server-policy policy-name

Required

Specify a PKI domain for the
SSL server policy

pki-domain domain-name

Required

By default, no PKI domain is
specified for an SSL server
policy.

Specify the cipher suite(s) for
the SSL server policy to
support

ciphersuite
[ rsa_aes_128_cbc_sha |
rsa_des_cbc_sha |
rsa_rc4_128_md5 |
rsa_rc4_128_sha ] *

Optional

By default, an SSL server
policy supports all cipher
suites.

Set the handshake timeout time
for the SSL server

handshake timeout time

Optional

3,600 seconds by default

Set the SSL connection close
mode

close-mode wait

Optional

Not wait by default

Set the maximum number of
cached sessions and the
caching timeout time

session { cachesize size |
timeout time } *

Optional

The defaults are as follows:

z

500 for the maximum